Computers cannot generate truly random numbers on their own because they are deterministic machines. For a given input, they always produce the same output. Instead, they rely on pseudo-random number generators (PRNGs) that use a starting number, called a seed, and a formula to produce numbers that appear random. However, if an attacker knows the seed and formula, they can predict every random number the computer has generated or will generate, which poses a serious security risk for applications like private key generation in Web3 wallets and password salts.
The Determinism Problem
Computers operate on logic gates and transistors that switch on and off billions of times per second. This deterministic nature means they cannot create numbers out of thin air. PRNGs are sufficient for everyday tasks like shuffling playlists or spawning game assets, but they fall short for security-sensitive uses. If an adversary gains access to the seed stored in memory, they can reconstruct the entire sequence of random numbers, potentially compromising private keys or encryption.
Entropy from the Real World
To generate secure random numbers, computers look beyond their own circuits. They collect real-world, chaotic data from sensors—such as temperature fluctuations, photon detection, or network traffic—and feed it into an entropy pool in the operating system. The pool is hashed using a mathematical function, and when a random number is needed, the system takes a snapshot of the pool, applies a formula with a counter, and outputs a number. This method is used by Cloudflare, which famously employs lava lamps to generate entropy for secure internet connections.
Why Entropy Beats Pure Math
Using external data makes the random numbers unpredictable. Even if an attacker knows the formula, they cannot predict the constantly changing entropy pool. The system adds new random data every few milliseconds, and the hashing function has an avalanche effect—a tiny change in input drastically alters the output. Additionally, the key used with the counter is destroyed every few seconds, and the counter itself is a nonce that cannot be reused. These measures ensure the random number generator remains secure and unbreakable for high-stakes applications like Web3 wallets and encryption.
Humans Are Predictable Too
If asked to pick a random number between 1 and 20, humans feel they are making a free choice, but cognitive studies show we are highly predictable. Our brains are pattern-recognition engines influenced by recent memories, surroundings, and cultural biases. In a way, a computer using an entropy pool mimics us: it uses its hardware sensors as "eyes and ears" to pick a number, just as we use our senses. True randomness—generating a number from pure nothingness—is impossible for both computers and humans in a universe governed by cause and effect.