Using Tweets as a Random seed












1














I would like to start by saying I know nothing about Cryptography and was reading up on how to choose a random seed and this link is something that I found. What I basically understood that the seed has to be sufficiently random that guessing the seed would be hard.



So the question is would the hash of a Tweet, at any given time, be a good candidate for a random seed? This is mainly because the content of a Tweet can be practically anything as it's being generated by a huge percentage of the world population.



That said, I understand it is possible to game it by mass tweeting a specific string continuously from multiple accounts flooding the tweet stream with predictable seeds. So if this can be mitigated by blacklisting the bad usernames, is using tweets for seeds a viable option?










share|improve this question







New contributor




aa8y is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

























    1














    I would like to start by saying I know nothing about Cryptography and was reading up on how to choose a random seed and this link is something that I found. What I basically understood that the seed has to be sufficiently random that guessing the seed would be hard.



    So the question is would the hash of a Tweet, at any given time, be a good candidate for a random seed? This is mainly because the content of a Tweet can be practically anything as it's being generated by a huge percentage of the world population.



    That said, I understand it is possible to game it by mass tweeting a specific string continuously from multiple accounts flooding the tweet stream with predictable seeds. So if this can be mitigated by blacklisting the bad usernames, is using tweets for seeds a viable option?










    share|improve this question







    New contributor




    aa8y is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
    Check out our Code of Conduct.























      1












      1








      1







      I would like to start by saying I know nothing about Cryptography and was reading up on how to choose a random seed and this link is something that I found. What I basically understood that the seed has to be sufficiently random that guessing the seed would be hard.



      So the question is would the hash of a Tweet, at any given time, be a good candidate for a random seed? This is mainly because the content of a Tweet can be practically anything as it's being generated by a huge percentage of the world population.



      That said, I understand it is possible to game it by mass tweeting a specific string continuously from multiple accounts flooding the tweet stream with predictable seeds. So if this can be mitigated by blacklisting the bad usernames, is using tweets for seeds a viable option?










      share|improve this question







      New contributor




      aa8y is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.











      I would like to start by saying I know nothing about Cryptography and was reading up on how to choose a random seed and this link is something that I found. What I basically understood that the seed has to be sufficiently random that guessing the seed would be hard.



      So the question is would the hash of a Tweet, at any given time, be a good candidate for a random seed? This is mainly because the content of a Tweet can be practically anything as it's being generated by a huge percentage of the world population.



      That said, I understand it is possible to game it by mass tweeting a specific string continuously from multiple accounts flooding the tweet stream with predictable seeds. So if this can be mitigated by blacklisting the bad usernames, is using tweets for seeds a viable option?







      randomness pseudo-random-generator






      share|improve this question







      New contributor




      aa8y is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.











      share|improve this question







      New contributor




      aa8y is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.









      share|improve this question




      share|improve this question






      New contributor




      aa8y is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.









      asked 7 hours ago









      aa8y

      1091




      1091




      New contributor




      aa8y is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.





      New contributor





      aa8y is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.






      aa8y is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.






















          1 Answer
          1






          active

          oldest

          votes


















          3














          How are you going to decide which tweet to use? Randomly? This quickly leads to a chicken / egg problem.



          What if the chosen tweet is one word? That would not add a lot of entropy.



          What if twitter is unavailable? Are you just stopping your service that relies on the entropy or are you going to continue regardless?



          How are you going to keep the chosen tweet secret? You can use TLS, but TLS requires a random number generator to operate.



          How are you going to blacklist in advance? You don't know the attackers in advance, right?



          What if twitter changes his API? Would you keep running if the tweet collection agent crashes or returns bad results?



          What if your government decides to block Twitter? There are plenty of governments doing that.



          What if you choose a heavily retweeted tweet? How much entropy would that contain?



          Having something that provides entropy is just the first step. In general you want something that is local and hard to influence and easy to understand / validate. Twitter doesn't seem to be a good option for any of those requirements.






          share|improve this answer





















            Your Answer





            StackExchange.ifUsing("editor", function () {
            return StackExchange.using("mathjaxEditing", function () {
            StackExchange.MarkdownEditor.creationCallbacks.add(function (editor, postfix) {
            StackExchange.mathjaxEditing.prepareWmdForMathJax(editor, postfix, [["$", "$"], ["\\(","\\)"]]);
            });
            });
            }, "mathjax-editing");

            StackExchange.ready(function() {
            var channelOptions = {
            tags: "".split(" "),
            id: "281"
            };
            initTagRenderer("".split(" "), "".split(" "), channelOptions);

            StackExchange.using("externalEditor", function() {
            // Have to fire editor after snippets, if snippets enabled
            if (StackExchange.settings.snippets.snippetsEnabled) {
            StackExchange.using("snippets", function() {
            createEditor();
            });
            }
            else {
            createEditor();
            }
            });

            function createEditor() {
            StackExchange.prepareEditor({
            heartbeatType: 'answer',
            autoActivateHeartbeat: false,
            convertImagesToLinks: false,
            noModals: true,
            showLowRepImageUploadWarning: true,
            reputationToPostImages: null,
            bindNavPrevention: true,
            postfix: "",
            imageUploader: {
            brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
            contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
            allowUrls: true
            },
            noCode: true, onDemand: true,
            discardSelector: ".discard-answer"
            ,immediatelyShowMarkdownHelp:true
            });


            }
            });






            aa8y is a new contributor. Be nice, and check out our Code of Conduct.










            draft saved

            draft discarded


















            StackExchange.ready(
            function () {
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fcrypto.stackexchange.com%2fquestions%2f66289%2fusing-tweets-as-a-random-seed%23new-answer', 'question_page');
            }
            );

            Post as a guest















            Required, but never shown

























            1 Answer
            1






            active

            oldest

            votes








            1 Answer
            1






            active

            oldest

            votes









            active

            oldest

            votes






            active

            oldest

            votes









            3














            How are you going to decide which tweet to use? Randomly? This quickly leads to a chicken / egg problem.



            What if the chosen tweet is one word? That would not add a lot of entropy.



            What if twitter is unavailable? Are you just stopping your service that relies on the entropy or are you going to continue regardless?



            How are you going to keep the chosen tweet secret? You can use TLS, but TLS requires a random number generator to operate.



            How are you going to blacklist in advance? You don't know the attackers in advance, right?



            What if twitter changes his API? Would you keep running if the tweet collection agent crashes or returns bad results?



            What if your government decides to block Twitter? There are plenty of governments doing that.



            What if you choose a heavily retweeted tweet? How much entropy would that contain?



            Having something that provides entropy is just the first step. In general you want something that is local and hard to influence and easy to understand / validate. Twitter doesn't seem to be a good option for any of those requirements.






            share|improve this answer


























              3














              How are you going to decide which tweet to use? Randomly? This quickly leads to a chicken / egg problem.



              What if the chosen tweet is one word? That would not add a lot of entropy.



              What if twitter is unavailable? Are you just stopping your service that relies on the entropy or are you going to continue regardless?



              How are you going to keep the chosen tweet secret? You can use TLS, but TLS requires a random number generator to operate.



              How are you going to blacklist in advance? You don't know the attackers in advance, right?



              What if twitter changes his API? Would you keep running if the tweet collection agent crashes or returns bad results?



              What if your government decides to block Twitter? There are plenty of governments doing that.



              What if you choose a heavily retweeted tweet? How much entropy would that contain?



              Having something that provides entropy is just the first step. In general you want something that is local and hard to influence and easy to understand / validate. Twitter doesn't seem to be a good option for any of those requirements.






              share|improve this answer
























                3












                3








                3






                How are you going to decide which tweet to use? Randomly? This quickly leads to a chicken / egg problem.



                What if the chosen tweet is one word? That would not add a lot of entropy.



                What if twitter is unavailable? Are you just stopping your service that relies on the entropy or are you going to continue regardless?



                How are you going to keep the chosen tweet secret? You can use TLS, but TLS requires a random number generator to operate.



                How are you going to blacklist in advance? You don't know the attackers in advance, right?



                What if twitter changes his API? Would you keep running if the tweet collection agent crashes or returns bad results?



                What if your government decides to block Twitter? There are plenty of governments doing that.



                What if you choose a heavily retweeted tweet? How much entropy would that contain?



                Having something that provides entropy is just the first step. In general you want something that is local and hard to influence and easy to understand / validate. Twitter doesn't seem to be a good option for any of those requirements.






                share|improve this answer












                How are you going to decide which tweet to use? Randomly? This quickly leads to a chicken / egg problem.



                What if the chosen tweet is one word? That would not add a lot of entropy.



                What if twitter is unavailable? Are you just stopping your service that relies on the entropy or are you going to continue regardless?



                How are you going to keep the chosen tweet secret? You can use TLS, but TLS requires a random number generator to operate.



                How are you going to blacklist in advance? You don't know the attackers in advance, right?



                What if twitter changes his API? Would you keep running if the tweet collection agent crashes or returns bad results?



                What if your government decides to block Twitter? There are plenty of governments doing that.



                What if you choose a heavily retweeted tweet? How much entropy would that contain?



                Having something that provides entropy is just the first step. In general you want something that is local and hard to influence and easy to understand / validate. Twitter doesn't seem to be a good option for any of those requirements.







                share|improve this answer












                share|improve this answer



                share|improve this answer










                answered 2 hours ago









                Maarten Bodewes

                53.1k677191




                53.1k677191






















                    aa8y is a new contributor. Be nice, and check out our Code of Conduct.










                    draft saved

                    draft discarded


















                    aa8y is a new contributor. Be nice, and check out our Code of Conduct.













                    aa8y is a new contributor. Be nice, and check out our Code of Conduct.












                    aa8y is a new contributor. Be nice, and check out our Code of Conduct.
















                    Thanks for contributing an answer to Cryptography Stack Exchange!


                    • Please be sure to answer the question. Provide details and share your research!

                    But avoid



                    • Asking for help, clarification, or responding to other answers.

                    • Making statements based on opinion; back them up with references or personal experience.


                    Use MathJax to format equations. MathJax reference.


                    To learn more, see our tips on writing great answers.





                    Some of your past answers have not been well-received, and you're in danger of being blocked from answering.


                    Please pay close attention to the following guidance:


                    • Please be sure to answer the question. Provide details and share your research!

                    But avoid



                    • Asking for help, clarification, or responding to other answers.

                    • Making statements based on opinion; back them up with references or personal experience.


                    To learn more, see our tips on writing great answers.




                    draft saved


                    draft discarded














                    StackExchange.ready(
                    function () {
                    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fcrypto.stackexchange.com%2fquestions%2f66289%2fusing-tweets-as-a-random-seed%23new-answer', 'question_page');
                    }
                    );

                    Post as a guest















                    Required, but never shown





















































                    Required, but never shown














                    Required, but never shown












                    Required, but never shown







                    Required, but never shown

































                    Required, but never shown














                    Required, but never shown












                    Required, but never shown







                    Required, but never shown







                    Popular posts from this blog

                    What visual should I use to simply compare current year value vs last year in Power BI desktop

                    How to ignore python UserWarning in pytest?

                    Alexandru Averescu