Using Tweets as a Random seed
I would like to start by saying I know nothing about Cryptography and was reading up on how to choose a random seed and this link is something that I found. What I basically understood that the seed has to be sufficiently random that guessing the seed would be hard.
So the question is would the hash of a Tweet, at any given time, be a good candidate for a random seed? This is mainly because the content of a Tweet can be practically anything as it's being generated by a huge percentage of the world population.
That said, I understand it is possible to game it by mass tweeting a specific string continuously from multiple accounts flooding the tweet stream with predictable seeds. So if this can be mitigated by blacklisting the bad usernames, is using tweets for seeds a viable option?
randomness pseudo-random-generator
asked 7 hours ago
aa8y
1091
New contributor
aa8y is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
add a comment |
I would like to start by saying I know nothing about Cryptography and was reading up on how to choose a random seed and this link is something that I found. What I basically understood that the seed has to be sufficiently random that guessing the seed would be hard.
So the question is would the hash of a Tweet, at any given time, be a good candidate for a random seed? This is mainly because the content of a Tweet can be practically anything as it's being generated by a huge percentage of the world population.
That said, I understand it is possible to game it by mass tweeting a specific string continuously from multiple accounts flooding the tweet stream with predictable seeds. So if this can be mitigated by blacklisting the bad usernames, is using tweets for seeds a viable option?
randomness pseudo-random-generator
asked 7 hours ago
aa8y
1091
New contributor
aa8y is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
add a comment |
I would like to start by saying I know nothing about Cryptography and was reading up on how to choose a random seed and this link is something that I found. What I basically understood that the seed has to be sufficiently random that guessing the seed would be hard.
So the question is would the hash of a Tweet, at any given time, be a good candidate for a random seed? This is mainly because the content of a Tweet can be practically anything as it's being generated by a huge percentage of the world population.
That said, I understand it is possible to game it by mass tweeting a specific string continuously from multiple accounts flooding the tweet stream with predictable seeds. So if this can be mitigated by blacklisting the bad usernames, is using tweets for seeds a viable option?
randomness pseudo-random-generator
asked 7 hours ago
aa8y
1091
New contributor
aa8y is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
I would like to start by saying I know nothing about Cryptography and was reading up on how to choose a random seed and this link is something that I found. What I basically understood that the seed has to be sufficiently random that guessing the seed would be hard.
So the question is would the hash of a Tweet, at any given time, be a good candidate for a random seed? This is mainly because the content of a Tweet can be practically anything as it's being generated by a huge percentage of the world population.
That said, I understand it is possible to game it by mass tweeting a specific string continuously from multiple accounts flooding the tweet stream with predictable seeds. So if this can be mitigated by blacklisting the bad usernames, is using tweets for seeds a viable option?
randomness pseudo-random-generator
randomness pseudo-random-generator
asked 7 hours ago
aa8y
1091
New contributor
aa8y is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
asked 7 hours ago
aa8y
1091
New contributor
aa8y is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
asked 7 hours ago
aa8y
1091
New contributor
aa8y is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
asked 7 hours ago
aa8y
1091
asked 7 hours ago
aa8y
1091
1091
New contributor
aa8y is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
New contributor
aa8y is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
aa8y is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
add a comment |
add a comment |
1 Answer
1
active
oldest
votes
How are you going to decide which tweet to use? Randomly? This quickly leads to a chicken / egg problem.
What if the chosen tweet is one word? That would not add a lot of entropy.
What if twitter is unavailable? Are you just stopping your service that relies on the entropy or are you going to continue regardless?
How are you going to keep the chosen tweet secret? You can use TLS, but TLS requires a random number generator to operate.
How are you going to blacklist in advance? You don't know the attackers in advance, right?
What if twitter changes his API? Would you keep running if the tweet collection agent crashes or returns bad results?
What if your government decides to block Twitter? There are plenty of governments doing that.
What if you choose a heavily retweeted tweet? How much entropy would that contain?
Having something that provides entropy is just the first step. In general you want something that is local and hard to influence and easy to understand / validate. Twitter doesn't seem to be a good option for any of those requirements.
answered 2 hours ago
Maarten Bodewes♦
53.1k677191
add a comment |
Your Answer
StackExchange.ifUsing("editor", function () {
return StackExchange.using("mathjaxEditing", function () {
StackExchange.MarkdownEditor.creationCallbacks.add(function (editor, postfix) {
StackExchange.mathjaxEditing.prepareWmdForMathJax(editor, postfix, [["$", "$"], ["\\(","\\)"]]);
});
});
}, "mathjax-editing");
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "281"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
noCode: true, onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
aa8y is a new contributor. Be nice, and check out our Code of Conduct.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fcrypto.stackexchange.com%2fquestions%2f66289%2fusing-tweets-as-a-random-seed%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
How are you going to decide which tweet to use? Randomly? This quickly leads to a chicken / egg problem.
What if the chosen tweet is one word? That would not add a lot of entropy.
What if twitter is unavailable? Are you just stopping your service that relies on the entropy or are you going to continue regardless?
How are you going to keep the chosen tweet secret? You can use TLS, but TLS requires a random number generator to operate.
How are you going to blacklist in advance? You don't know the attackers in advance, right?
What if twitter changes his API? Would you keep running if the tweet collection agent crashes or returns bad results?
What if your government decides to block Twitter? There are plenty of governments doing that.
What if you choose a heavily retweeted tweet? How much entropy would that contain?
Having something that provides entropy is just the first step. In general you want something that is local and hard to influence and easy to understand / validate. Twitter doesn't seem to be a good option for any of those requirements.
answered 2 hours ago
Maarten Bodewes♦
53.1k677191
add a comment |
How are you going to decide which tweet to use? Randomly? This quickly leads to a chicken / egg problem.
What if the chosen tweet is one word? That would not add a lot of entropy.
What if twitter is unavailable? Are you just stopping your service that relies on the entropy or are you going to continue regardless?
How are you going to keep the chosen tweet secret? You can use TLS, but TLS requires a random number generator to operate.
How are you going to blacklist in advance? You don't know the attackers in advance, right?
What if twitter changes his API? Would you keep running if the tweet collection agent crashes or returns bad results?
What if your government decides to block Twitter? There are plenty of governments doing that.
What if you choose a heavily retweeted tweet? How much entropy would that contain?
Having something that provides entropy is just the first step. In general you want something that is local and hard to influence and easy to understand / validate. Twitter doesn't seem to be a good option for any of those requirements.
answered 2 hours ago
Maarten Bodewes♦
53.1k677191
add a comment |
How are you going to decide which tweet to use? Randomly? This quickly leads to a chicken / egg problem.
What if the chosen tweet is one word? That would not add a lot of entropy.
What if twitter is unavailable? Are you just stopping your service that relies on the entropy or are you going to continue regardless?
How are you going to keep the chosen tweet secret? You can use TLS, but TLS requires a random number generator to operate.
How are you going to blacklist in advance? You don't know the attackers in advance, right?
What if twitter changes his API? Would you keep running if the tweet collection agent crashes or returns bad results?
What if your government decides to block Twitter? There are plenty of governments doing that.
What if you choose a heavily retweeted tweet? How much entropy would that contain?
Having something that provides entropy is just the first step. In general you want something that is local and hard to influence and easy to understand / validate. Twitter doesn't seem to be a good option for any of those requirements.
answered 2 hours ago
Maarten Bodewes♦
53.1k677191
How are you going to decide which tweet to use? Randomly? This quickly leads to a chicken / egg problem.
What if the chosen tweet is one word? That would not add a lot of entropy.
What if twitter is unavailable? Are you just stopping your service that relies on the entropy or are you going to continue regardless?
How are you going to keep the chosen tweet secret? You can use TLS, but TLS requires a random number generator to operate.
How are you going to blacklist in advance? You don't know the attackers in advance, right?
What if twitter changes his API? Would you keep running if the tweet collection agent crashes or returns bad results?
What if your government decides to block Twitter? There are plenty of governments doing that.
What if you choose a heavily retweeted tweet? How much entropy would that contain?
Having something that provides entropy is just the first step. In general you want something that is local and hard to influence and easy to understand / validate. Twitter doesn't seem to be a good option for any of those requirements.
answered 2 hours ago
Maarten Bodewes♦
53.1k677191
answered 2 hours ago
Maarten Bodewes♦
53.1k677191
answered 2 hours ago
Maarten Bodewes♦
53.1k677191
answered 2 hours ago
Maarten Bodewes♦
53.1k677191
53.1k677191
add a comment |
add a comment |
aa8y is a new contributor. Be nice, and check out our Code of Conduct.
aa8y is a new contributor. Be nice, and check out our Code of Conduct.
aa8y is a new contributor. Be nice, and check out our Code of Conduct.
aa8y is a new contributor. Be nice, and check out our Code of Conduct.
Thanks for contributing an answer to Cryptography Stack Exchange!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
Use MathJax to format equations. MathJax reference.
To learn more, see our tips on writing great answers.
Some of your past answers have not been well-received, and you're in danger of being blocked from answering.
Please pay close attention to the following guidance:
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fcrypto.stackexchange.com%2fquestions%2f66289%2fusing-tweets-as-a-random-seed%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
