The problem with randomness

How to generate random numbers from spam

I found SecurityDump’s WPRandom the other day:

Generating random numbers is pretty complicated if you need them for cryptographic algorithms. This software generates them based on spam comments…

It caught my eye as a sort of “spinning spam into RNG gold”, or more likely, PRNG (pseudo-random number generator) gold. Many WordPress blogs, whether self-hosted or not, effectively use Akismet as a comment spam sieve. As I’ve learned during my time with WordPress, and with spam comments, Akismet will not publish comments that it identifies as probable spam. This provides a possibly crucial aspect of SecurityDump’s application:

no one will be able to see the source of your numbers, unless they hack into your database

All the details are available on the Google project site for WPRandom, Problems and Attack Vectors wiki. I have no idea if SecurityDump worked the bugs out of this yet or not. I found it an amusing idea, though, to squeeze some genuine value from the efforts of spammers.

A slightly cynical RNG

Randall Munroe, of xkcd web comic fame, seems to have a less than favorable perception of the internet standards authority, the Internet Engineering Task Force (IETF). xkcd 221 predated the recent mess that is HTTP 2.0 by many years (see HTTP/2.0 — The IETF is Phoning It In for lurid details), so I can only imagine what he would say about the IETF now.

For the curious, I wrote a little more about Randall Munroe, xkcd with love and geohashing and even random numbers, in Java.

*The IETF uses RFC (request for comment) memoranda, as do many other organizations, despite what Wikipedia says 😉
