> High-quality algorithmic randomness is similar. If we are denied an omniscient perspective—if we can't look “inside the box” to see what is going on—the random numbers produced will seem completely random.
The article touches on this briefly, but I think the distinction between cryptographic pseudorandomness and (unfortunately) "ordinary" pseudorandomness is important here. To get at the difference, we could say that you're allowed to look at everything inside the box, except specifically the bits of the secret seed. If there's still no way for you to distinguish the output from true randomness, other than the "brute force" strategy of trying every possible seed value, then this box gives you cryptographic randomness (i.e. it's a "CSPRNG"). Usually we'd also want to make the seed big enough that we don't have to worry about that brute force attack in practice, 256 bits as a rule of thumb.
> They would then use their spy-craft to combine their message with the random numbers (e.g., by numbering the letters of the alphabet and adding each successive letter of their message to each successive number from the table). They could then send that message knowing that if it was intercepted, it would be unreadable without a copy of their codebook
(I'm sure the author understands the following, but I think it's important to clairfy it anytime we touch on encryption.)
This sort of scenario is tricky if we don't make the "cryptographic vs ordinary" distinction above. There are lots of PRNGs that look random to us but whose output can be fully predictable to a computer program after a few observations. This isn't a rare corner case: most PRNGs have this issue unless they're speficially designed not to. For example, the Mersenne Twister algorithm used by Python's `random` module has this property, and I think the PCG algorithm that this article is about also has this property. If you use Python's `random.randbytes()` to generate your codebook, it's entirely possible and arguably likely that someone reading your encrypted messages will learn enough to predict every subsequent page of your codebook, which lets them easily decrypt all your messages after a certain point.
The PCG family is somewhat harder to predict than Mersenne Twisters, but not nearly as hard to predict as cryptographic PRNGs. PCG’s author goes into some detail about it here https://www.pcg-random.org/predictability.html and the conclusion is:
“ The PCG family is designed with being difficult to predict in mind, and the default generators are not trivially predictable. But the primary design goal for most members of the PCG family is to be a fast statistically-good general purpose generator, and so by design they do not work quite as hard as most cryptographically secure generators.
“Most of the PCG output functions involve nonlinear operations and only reveal partial state, but as we saw from Knuth's truncated LCGs, that's no guarantee of that PCG generators can't be cracked.”
The article touches on this briefly, but I think the distinction between cryptographic pseudorandomness and (unfortunately) "ordinary" pseudorandomness is important here. To get at the difference, we could say that you're allowed to look at everything inside the box, except specifically the bits of the secret seed. If there's still no way for you to distinguish the output from true randomness, other than the "brute force" strategy of trying every possible seed value, then this box gives you cryptographic randomness (i.e. it's a "CSPRNG"). Usually we'd also want to make the seed big enough that we don't have to worry about that brute force attack in practice, 256 bits as a rule of thumb.
> They would then use their spy-craft to combine their message with the random numbers (e.g., by numbering the letters of the alphabet and adding each successive letter of their message to each successive number from the table). They could then send that message knowing that if it was intercepted, it would be unreadable without a copy of their codebook
(I'm sure the author understands the following, but I think it's important to clairfy it anytime we touch on encryption.)
This sort of scenario is tricky if we don't make the "cryptographic vs ordinary" distinction above. There are lots of PRNGs that look random to us but whose output can be fully predictable to a computer program after a few observations. This isn't a rare corner case: most PRNGs have this issue unless they're speficially designed not to. For example, the Mersenne Twister algorithm used by Python's `random` module has this property, and I think the PCG algorithm that this article is about also has this property. If you use Python's `random.randbytes()` to generate your codebook, it's entirely possible and arguably likely that someone reading your encrypted messages will learn enough to predict every subsequent page of your codebook, which lets them easily decrypt all your messages after a certain point.