Before responding directly to your question, I would like to establish some parallels that will help in understanding the answer.

First, evaluate the sequences below and their corresponding formulas:

```
01010101010101010101010101 f(X) = NOT X
AAAAAAAAAAAAAAAAAAAAAAAAAA f(X) = "A"
ABCDEFGHIJKLMNOPQRSTUVWXYZ f(X) = CHAR(ASCII(X) + 1)
```

Without much work, we have come to the conclusion that the predictability (or deterministic definition) of these sequences is very high - or, conversely, that the entropy is very low.

But what is entropy? It is the measure of chaos in a system. The term was originally meant to describe thermodynamic systems, but the concept is also applicable to other domains - data, for example.
When we talk about the generation of random content by computers, we are talking about formulas that generate values that have a distribution similar to that found in a system with high entropy and continuous uniform distribution.

An easy-to-visualize example of a continuous uniform distribution is white noise, where the distribution seems impossible to describe with a deterministic formula - but where we can use statistics to describe density. This is a white noise bitmap generated on Random.org:

For comparison, this is the PHP `rand()` function bitmap as demonstrated by developer Bo Allen in a 2012 post on his personal blog titled Pseudo-random Vs. True random. Notice how easily you detect the generation pattern:

While in nature systems lose order and gain entropy, the reverse occurs in data systems. Whenever you 'generate' random numbers, you are stealing entropy from the system and introducing order.

As an example, let's assume that I have the following random string of letters via Random String Generator from random.org:

| Key |
|---|
| `JPVPUUWWJAZEEUMLXDVT` |

Which I use in a simple encryption formula, where I 'add' the offset from the letter A at each position to the letter of my payload in the same position.

| Payload | Encrypted content |
|---|---|
| `AAAAAAAAAAAAAAAAAAAA` | `JPVPUUWWJAZEEUMLXDVT` |
| `BBBBBBBBBBBBBBBBBBBB` | `KQWQVVXXKBAFFVNMYEWU` |

But note that if my payload is equal to or greater than the key, I have zapped the system's entropy. So, assume that I concatenate my key, for the following payload:

`AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA`

My encrypted content would be:

`JPVPUUWWJAZEEUMLXDVTJPVPUUWWJAZEEUMLXDVT^^^^^^`

So I can easily detect the replay and predict the rest of the sequence.

From the security point of view, safe random functions are those that periodically recharge with entropy, in order to prevent predictability.

You can reload entropy in several ways; the best source of entropy is the real world. Some examples, which can be used together with a pseudo-random function in the form of seeds:

- Access Twitter trending topics. Get the last 128 tweets generated. Extract the day and time of each, convert to a byte array.
- Capture images from 2 or more public webcams around the world. Extract the MD5 from all of them. Convert to a byte array.
- Let your cat walk on the keyboard. Convert the generated characters to a byte array. (Add a hamster to the system for more data. Prevent abandonment of system scope with a box around all three.)

Each of these examples provides a different sample size and sample rate. The more random source data you insert into a hybrid system with a coupled pseudo-random generator, the smaller the pattern detection chances.

The answer, therefore, is no: you need to import entropy from an external system.

edit-disclaimer: Added the reference to the post where the image of the `RAND()` function was removed.
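
The key-reuse case from this answer, as an added example that is not part of the original post: it reproduces the table values with the additive letter cipher, shows that a concatenated key yields a periodic keystream whose continuation is predictable, and contrasts that with a key drawn from the OS CSPRNG through Python's `secrets` module. The function names are illustrative assumptions, and the payloads are constructed samples.

```python
# Added example: the answer's additive letter cipher and its key-reuse problem.
import secrets
import string

A = ord("A")
KEY = "JPVPUUWWJAZEEUMLXDVT"  # key string quoted in the answer


def encrypt(payload, key):
    """Add each key letter's offset from 'A' to the payload letter, mod 26.
    A key shorter than the payload is repeated (the concatenated-key case)."""
    return "".join(
        chr((ord(p) - A + ord(key[i % len(key)]) - A) % 26 + A)
        for i, p in enumerate(payload)
    )


def keystream(ciphertext, known_payload):
    """Subtract a known payload from the ciphertext to expose the key letters."""
    return "".join(
        chr((ord(c) - ord(p)) % 26 + A) for c, p in zip(ciphertext, known_payload)
    )


def smallest_period(stream):
    """Smallest p for which the stream repeats at least once in full, else None."""
    n = len(stream)
    for p in range(1, n // 2 + 1):
        if all(stream[i] == stream[i + p] for i in range(n - p)):
            return p
    return None


def predict_next(stream, count):
    """Continue a periodic stream by `count` letters; None if no period is seen."""
    p = smallest_period(stream)
    if p is None:
        return None
    return "".join(stream[(len(stream) + i) % p] for i in range(count))


def fresh_key(length):
    """Key as long as the payload, drawn from the OS CSPRNG, never reused."""
    return "".join(secrets.choice(string.ascii_uppercase) for _ in range(length))


if __name__ == "__main__":
    ct = encrypt("A" * 40, KEY)               # constructed payload from the answer
    print(ct, smallest_period(ct), predict_next(ct, 6))
    print(encrypt("A" * 40, fresh_key(40)))   # no repeated block to latch onto
```

A 20-letter payload under the 20-letter key shows no period at all; the pattern only appears once the key is reused, which is why the keystream has to be refreshed from an entropy source rather than concatenated.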