> as there's a tiny chance a random number fails the test
There’s ~4e23 _grains of sand_ on Earth. There are more possible values in 128 bits than grains of sand on Earth.
Take it further. There are 10^11 stars in our galaxy. If every star in the Milky Way had a planet identical to Earth orbiting it, there would be ~4e35 grains of sand on all the Earths orbiting all the stars of the Milky Way.[1]
If you assigned each of those grains to its own value, we’d only need 0.11% of the possible values of 2^128.[2]
I think it’s safe to say those bureaucrats are wrong :)
Sure. As an engineer who knows what they're doing I of course agree with you. I'd argue with management that random is both obviously the correct choice and unlikely to cause compliance problems. But...
Here are some of the "Unpredictable numbers" from a series of EMV transactions reported in a paper in 2014:
F1246E04, F1241354, F1244328, F1247348
That's a 32-bit value, so not enough to count living humans, never mind grains of sand. And it's not very "Unpredictable"; indeed, the researchers have more data from the logs which allows them to predict with confidence future values from that same terminal. Basically, the low 15 bits are a clock which repeats every 32768 cycles, with cycles having a fixed duration of several milliseconds. The high bits, if they change, don't change for a prolonged period.
I'm a bit curious now how compliance with the spec is tested.
It certainly can't be done with "pure" unit tests, and it would be difficult to ensure sufficient entropy even with "impure" tests that examine multiple nonces generated in sequence.
Do you happen to have a link to the paper you mentioned?
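An added example, not from any commenter or from the paper: a minimal screen over a sequence of 32-bit "Unpredictable numbers" that flags the two defects mentioned in this thread, leading bits that never change and a plain counter. The function names and the 32-bit surprise threshold are assumptions made for illustration.

```python
import secrets

WIDTH = 32  # the "Unpredictable number" quoted in the thread is 32 bits wide
THREAD_SAMPLES = [0xF1246E04, 0xF1241354, 0xF1244328, 0xF1247348]  # from the thread


def varying_mask(values):
    """Bit positions that differ between at least two samples."""
    mask = 0
    for v in values[1:]:
        mask |= v ^ values[0]
    return mask


def constant_prefix_bits(values, width=WIDTH):
    """Count of leading (most significant) bits identical in every sample."""
    return width - varying_mask(values).bit_length()


def is_counter(values, width=WIDTH):
    """True when every consecutive pair differs by the same step mod 2**width."""
    deltas = {(b - a) % (1 << width) for a, b in zip(values, values[1:])}
    return len(values) > 2 and len(deltas) == 1


def screen(values, width=WIDTH, min_surprise_bits=32):
    """Return findings for two defects named in the thread.

    An empty list only means these two defects were not seen; it is not
    evidence that the generator is unpredictable.
    """
    findings = []
    k = constant_prefix_bits(values, width)
    # k leading bits agreeing across n uniform samples has probability
    # 2**-(k*(n-1)); the 32-bit cut-off is an assumed threshold.
    if k * (len(values) - 1) >= min_surprise_bits:
        findings.append(f"top {k} bits never change")
    if is_counter(values, width):
        findings.append("fixed step between consecutive values")
    return findings


if __name__ == "__main__":
    print("thread samples:", screen(THREAD_SAMPLES))
    print("1..5          :", screen([1, 2, 3, 4, 5]))
    print("CSPRNG sample :", screen([secrets.randbits(WIDTH) for _ in range(256)]))
```

On the four quoted values the top 17 bits are identical, which matches the description of only the low 15 bits moving.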
... mentions these values and links a paper they wrote, I suspect it isn't the 2014 paper I was thinking about but it's on the same topic.
The good news is that in the years after this work, I believe the rules were tightened up. There's a good chance that if you buy a brand new EMV terminal, the people testing it wouldn't have accepted 1, 2, 3, 4, 5 as a series of "Unpredictable numbers", so crooks today are less likely to be able to exploit this, and more likely to get caught.
The bad news is that courts remain very easily persuaded that banks know what they're doing, and expert witnesses who can make it clear that the bank have no idea what they're doing and shouldn't be trusted more than a typical citizen are expensive. If it ends up being your word against a bank, the court is probably going to believe the bank.
1: https://www.wolframalpha.com/input?i=%28number+of+stars+in+t...
2: https://www.wolframalpha.com/input?i=2%5E128+-+4e35