Randomness is related to the concept of unpredictability: given a number (or sequence of numbers) you are unable to predict what the next number will be. In addition, other requirements may be present, such as the probability of each number within the domain being drawn (which, in general, must be the same).
Computers in general are deterministic, ie: the same program executed twice with all identical entries will produce two identical outputs. For this reason, a external source is necessary to produce really random results. This is not something the computer can produce by itself.
As such a source is rarely present, several algorithms have been designed to produce sequences of numbers that are - to some degree - indistinguishable from a random sequence, from a single starting value (seed, or Seed). This starting value has to be different with each invocation of the program, but it does not necessarily have to be random, so a widely used source is the system clock. Such algorithms are called Pseudo-Random Number Generators (PRNG).
Some applications, such as cryptography, require generated sequences to be truly unpredictable without the knowledge of the external source(s) (s). A common PRNG may have its seed "guessed" after observing a finite number (and computationally speaking, not very large) of previously generated numbers. This is not a problem in domains such as simulations (as it is sufficient that the sequence seem random), but when the security of a system and/or the confidentiality of a communication depends on that randomness, a more sophisticated algorithm is needed (a CSPRNG - PRNG Cryptographically Safe).
One way to do this is to generate a sequence of pseudo-random numbers using as seed a secret key. This is done through a simple counter (zero, one, two...) where each element is encrypted or hashed with the aid of this key. This is even the way most flow ciphers (stream Cipher) work: generate a random sequence of bytes, and combine this sequence with the data using XOR.
When a secret seed is not available, then all that remains is to resort to other external sources, as mentioned earlier. Various events of the computer itself can be considered "unpredictable", such as: a) the keystrokes typed by the user or the movement of the mouse; b) the date of creation of the various files (or even their contents); c) the historical CPU usage data; etc. Not always the entropy (disorder, unpredictability) of these events is sufficient, but their combination with a PRNG can greatly increase the quality of it. As mentioned in another answer, the numbers generated by a common PRNG start repeating after a certain period. If this is combined with data from external sources (mixture, or Mixing) this period can be quite lengthy - which is sufficient for many practical applications.
Finally, if none of this is enough, only the use of hardware modules (probably involving quantum mechanics) or data from external systems remains. The site Random.org, for example, generates a sequence of random numbers based on atmospheric information (Atmospheric Noise) - which are so unpredictable with current technology that they can be considered "really random". Of course, one should not use them for confidential operations (such as generating passwords and keys) because they come from third parties, but for scientific applications or perhaps raffles in games of chance, they can be a good alternative.
It should be remembered that many of the modern generators, even without access to an "external random generator" (electronic device of quantum events that you mentioned), have access to the clock. The clock helps to "sow" randomization without repeating, and this is even present in calculators. Query the data memory randomly (
/dev
s cited) also helps and can mix clock data, but requires more complex interruptions and treatment.– Peter Krauss
Brownian movements are truly random.
– Miguel Angelo
@Peterkrauss There are several ways to get a good mix (random data with pseudo-random) without this interruption problem. According to that response in security.SE, many people think that
/dev/urandom/
is problematic because "in the absence of sufficient entropy it falls on pseudo-random numbers", but in practice this should not occur never. Also, as I commented in my answer, there are other phenomena unpredictable enough that are indistinguishable from pure randomness.– mgibsonbr
@mgibsonbr Corretíssimo, and as 90% of uses are not scientific, and 90% of users do not demand high encryption, solved in this context. I must stick only to the simplest machines, without "memory for mixing", but with clock availability (a very cheap feature)... There is also the didactic example, of the experiment where new ("virgin") and identical machines will always have the same seed so the same random result. The clock softens the situation if there’s no timing, and something like
/dev/urandom/
solves right at the first different bits between them.– Peter Krauss
Getting entropy from physical/quantum effects may not be so difficult. Some of the noise on an off-air TV or radio comes directly from the Big Bang. That is, You can constitute a random generator of very good quality simply by attaching a radio out of the station on the sound board :)
– epx
This business of the /dev/urandom being less secure is superstition https://gist.github.com/tarcieri/6347417
– epx
Taking advantage of the TV interference tip as a random generator through an RF circuit coupled to the computer. Using any microcontroller just build a small circuit with a wire or track of certain length coupled to one of the analog ports and read it to generate the SEED of the random number generator, at each reading of the analog port this will capitalise the electrical interference present in the environment, and may even suffer capacitive effects with the proximity of metallic objects or the human body.
– Delfino