Numerous encryption and authentication systems call for the use of random numbers, for example for generating challenges during authentication. Examples are DES and RSA. In systems that offer typical levels of security, random numbers in the range from around 50 to 150 bits in length are required. One way to form truly random numbers of this type is to digitise a noisy analogue value, such as a voltage level, and to use the least significant bits of the digitised result to form the random number. However, this method requires some time to gather enough bits to form a random number of the length that is required for typical encryption systems. Therefore, in most situations an algorithm that generates pseudo-random numbers is used instead. The numbers generated by such an algorithm are not truly random, but are deterministic. Thus this method has the disadvantage that if the algorithm and its seed are known the pseudo-random numbers can be predicted, permitting a third party to break the encryption or authentication scheme.
There is therefore a need for a method that can quickly produce random numbers that have the property that the next number produced can not be predicted from the previous numbers.