Duh?!? Did you think otherwise? #
By Anonymous Coward Posted Friday 16th November 2007 20:20 GMT
Sorry to overstate the obvious, but did anyone really think that NIST would be completely independent from NSA influence?
They both get their budgets from the same place, and even if NIST did not contact the NSA, the moment that one of NIST's egotistical PhDs wrote an email on or published a whitepaper on encryption or random number generation, how long do you think it took for the NSA to show up on their doorstep telling them they had to provide a backdoor to the random number algorithm????
Can you say global keyword search? Anyone want to bet who's already got the keys to RNG for Microsoft products?
Hard Research #
By Steven Knox Posted Friday 16th November 2007 21:52 GMT
I think you'll be really hard-pressed to find an NSA link with this one. You couldn't, for example, read the first sentence of the Acknowledgements section:
"The National Institute of Standards and Technology (NIST) gratefully acknowledges and appreciates contributions by Mike Boyle, Paul Timmel and Debby Wallner from the National Security Agency for assistance in the development of this Recommendation."
Distributed computing? #
By Anonymous Coward Posted Friday 16th November 2007 23:33 GMT
If this is a real weakness then it would be best to be proven so. Perhaps a distributed computing scenario could be put to use to discover the skeleton keys?
Maybe that's what 'Storm' is for....
Random is Really Random - even if it comes up with the same number #
By Acme Fixer Posted Sunday 18th November 2007 01:09 GMT
What's the odds of flipping a coin and coming up heads?? 50%.
So it comes up heads. What's the odds of it coming up heads on the next 11 flips? Yeah. 50% each flip.
So it's within the realm of randomness that all of the dozen flips all come up heads. And that may not be good, if you're depending on those dozen flips being not all the same.
Likewise, it's possible that a set of numbers from a random generator are all the same. And that may be very bad, for the same reason.
Just like Dan Brown foretold #
By Christopher Woods Posted Sunday 18th November 2007 17:21 GMT
I'm hardly the first person to consider his works as entirely based on fact, but one thing does ring true... If you've read his book Digital Fortress, they talk about backdoors in algorithms and encryption protocols, and life mirrors art sometimes, does it not?
Did anybody SERIOUSLY believe that a Government-recommended scheme for encryption/decryption would be truly hackproof? Bloody hell.
Re: Acme Fixer #
By Geoff Mackenzie Posted Monday 19th November 2007 14:45 GMT
Not sure what your point is. True, the probability of heads is .5 on each flip but probabilities are multiplicative so that probability of 2 heads in a row is .25, three is .125, and so on.
Re: Acme Fixer @ Geoff #
By Anonymous Coward Posted Monday 19th November 2007 15:50 GMT
He's talking about probability of a result for the independent flips, not sequential results or otherwise. The chance of H or T per *single flip* is 50%. Always. Even if you flip the coin 10 billion times, you always have a 50/50 chance. The chance of 10 billion heads in a row though... time for a calculator and a very small number :P
It's amazing how many people trip up on this... I learned statistics in year 10 at GCSE and remember complaining that I'd never need that information in "the real world". For reference, if anyone cares: http://www.bbc.co.uk/schools/gcsebitesize/maths/datahandlingih/probabilityirev1.shtml
@ The Coin Flippers #
By John Hobbs Posted Monday 19th November 2007 22:12 GMT
All lovely statistics aside, the coin flipping doesn't matter here. Computers cannot flip coins, they can only execute an algorithm. There are no "true" random numbers generated by computers, although computers can sample the environment for random numbers (http://www.random.org/).
If you know the seed and the timing of a pseudo random algorithm you can tell what it's going to output, that's how it works. We aren't worried about the accidental possibility that "a set of numbers from a random generator are all the same". We are worried about the intentional breaking and intentional generation of these exact same series.
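John Hobbs' point that a seeded pseudo-random generator is fully determined by its seed, shown as an added Python example. This is not code from the thread, the article, or NIST's specification: the constants are those of a textbook 32-bit linear congruential generator chosen purely for illustration, the seed values are constructed, and the CSPRNG contrast uses Python's standard `secrets` module.

```python
import secrets

# Textbook 32-bit linear congruential generator constants (Numerical Recipes).
# Chosen for illustration only; this is not the generator discussed in the thread.
LCG_A = 1664525
LCG_C = 1013904223
LCG_M = 2**32


def lcg_stream(seed: int, count: int) -> list[int]:
    """Return `count` successive outputs of the LCG started from `seed`.

    Each output is a deterministic function of the previous state, so the
    entire stream is fixed the moment the seed is fixed. Nothing about the
    outputs is 'random' to anyone who holds the seed.
    """
    state = seed % LCG_M
    outputs = []
    for _ in range(count):
        state = (LCG_A * state + LCG_C) % LCG_M
        outputs.append(state)
    return outputs


def seed_holder_reproduces(known_seed: int, observed: list[int]) -> bool:
    """Anyone holding the seed regenerates the stream locally and checks that it
    matches what the program actually emitted. True means the stream carried no
    information beyond the seed."""
    return lcg_stream(known_seed, len(observed)) == observed


def csprng_value(nbits: int = 128) -> int:
    """Contrast: the OS-backed CSPRNG exposed by `secrets` takes no caller-chosen
    seed, so there is no single value whose knowledge reveals the whole stream.
    Two independent calls are expected to differ."""
    return secrets.randbits(nbits)


if __name__ == "__main__":
    # Constructed scenario: a program seeds its generator with 1195244400 and
    # draws five values; a second party holding the same seed predicts all five.
    program_seed = 1195244400
    program_outputs = lcg_stream(program_seed, 5)
    print("program drew:", program_outputs)
    print("seed holder reproduces them:", seed_holder_reproduces(program_seed, program_outputs))
    print("wrong seed reproduces them:", seed_holder_reproduces(program_seed + 1, program_outputs))
    print("two CSPRNG draws equal:", csprng_value() == csprng_value())
```

The generator is deliberately simple so the determinism is visible; the lesson carries over unchanged to any deterministic generator, which is why the seed (and the integrity of the algorithm that expands it) is the whole security of the output.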
All of the sequences are unusual... #
By Michael Posted Saturday 24th November 2007 16:13 GMT
> It's amazing how many people trip up on this...
I think you're tripping up slightly.
The chances of getting any other alternative pattern, e.g. all heads, all tails, or HTHTHT or THHTHHTHH... or any other, should be the same.
To put it in binary terms, if heads is 0 and tails 1, then our sequence describes a binary number from 0 (which is all heads) to something like 2 to the power of 10 billion minus 1 (which is all tails); that range, and everything in between, describes the possible sequences after 10 billion throws.
If each bit has a 50/50 chance of appearing, any of the results is equally likely [or unlikely]. Thus all heads is not surprising, or alternatively, if you think it is, then any sequence you get should surprise you in the same way. If it doesn't, then you've tripped up.
Lots of heads in a row is no more significant or unlikely than 1 2 3 4 5 6 in a lottery draw is.
Comments on: Crypto guru warns over random number backdoor
Comment index (title - author, time posted):
Duh?!? Did you think otherwise? - Anonymous Coward, Friday 16th November 2007 20:20 GMT
tin foil hat - vincent himpe, Friday 16th November 2007 21:36 GMT
Hard Research - Steven Knox, Friday 16th November 2007 21:52 GMT
Distributed computing? - Anonymous Coward, Friday 16th November 2007 23:33 GMT
Random is Really Random - even if it comes up with the same number - Acme Fixer, Sunday 18th November 2007 01:09 GMT
Bruce - Harder than Chuck Norris - Karl Lattimer, Sunday 18th November 2007 12:19 GMT
Just like Dan Brown foretold - Christopher Woods, Sunday 18th November 2007 17:21 GMT
Re: Acme Fixer - Geoff Mackenzie, Monday 19th November 2007 14:45 GMT
Re: Acme Fixer @ Geoff - Anonymous Coward, Monday 19th November 2007 15:50 GMT
@ The Coin Flippers - John Hobbs, Monday 19th November 2007 22:12 GMT
No.... - Michael, Saturday 24th November 2007 15:49 GMT
All of the sequences are unusual... - Michael, Saturday 24th November 2007 16:13 GMT