I decided to try and write a proper random number generator in Delphi as I couldn't seem to find one on the web. When generating encryption keys it is essential to use numbers that are truly random rather than the pseudo random number functions provided in most programming languages, as these pseudo random numbers are basically sequences that can be reconstructed in order to break the encryption keys. Generating random numbers sounds pretty simple, but it is actually a lot more difficult than you first imagine. Anyway, after quite a few attempts I managed to produce an algorithm that appears to generate very random numbers. It uses a combination of the position of your mouse, the least significant bits of the current time combined with some details about the amount of free memory and swap space on your machine which seems to change very frequently in Windows. I would like to introduce even more random elements such as the times taken to read network traffic but for now this will do.
The program is very simple, you enter the the number of random integers you would like the program to generate and the highest possible value, then move your mouse around and wait for it to generate the numbers. The algorithm blocks if you do not move your mouse as it needs the randomness of the current mouse cursor position. When it's done it produces a table showing the frequency of the values generated.
I'm debating whether or not to use this algorithm in Win Crypto Chat which currently uses the pseudo random number generator Isaac, but until I am 100% certain that this algorithm is safe and really does generate completely random numbers I am reluctant to use it. If anybody reading this would like to have a look at my algorithm and comment on it I would really appreciate that. To save you downloading the whole program, I have reproduced just the algorithm below: (here's the full program & source)
Inspiration: The paragraph below describes how Ordo generates its random numbers in Cryptonomicon. Unfortunately, Windows does not allow you to get the current time with this level of precision, it only allows you to get the time in milliseconds not microseconds, so I was unable to use the exact technique described below. Also, I found that trying to measure the intervals between mouse events produced values that were too similar, therefore I had to use the mouse cursor position as well.
Inside Randy’s computer is a precise clock. Whenever he strikes a key, Ordo uses that clock to record the current time, down to microseconds. He hits a key at 03:03:56.935788 and he hits another one at 03:05:57.290664, or about .354876 seconds later. Another .372307 seconds later, he hits another one. Ordo keeps track of all of these intervals and discards the more significant digits (in this example the .35 and the .37) because these parts will tend to be similar from one event to the next.
Ordo wants randomness. It only wants the least significant digits—say, the 76 and the 07 at the very ends of these numbers. It wants a whole lot of random numbers, and it wants them to be very, very random. It is taking somewhat random numbers and feeding them through hash functions that make them even more random. It is running statistical routines on the results to make sure that they contain no hidden patterns. It has breathtakingly high standards for randomness, and it will not stop asking Randy to whack on the keyboard until those standards are met.
If you have any questions or want to report a bug please drop me a line at