Hacker News new | ask | show | jobs
True random number generation (TRNG)
5 points by aredbeard 2169 days ago
Hi friends,

For the past little while we've been working on a saas site that simplifies the use of TRNG keys. The service provides an easy to use API backed by custom-built arrays of hardware keys. So instead of buying one of these keys off the shelf and writing software to transform the bytes into something usable, you could use our service instead.

It's live at http://wheelhorse.io and we'd love your feedback, comments, and suggestions!
2 comments
arberavdullahu 2168 days ago
I am fond of your work, good job :).

1. In-browser try it out of the API would be great, take the example of swagger [1].

2. The sign-in/sing-up is a bit complicated in my opinion. Why do I have to follow the link in the email to sign-in, why not a email/password login procedure? Also nit but the link the email is given with the text “Sign-in to the wheelhorse”, which may seem suspicious, I would rather prefer the original long link(like most other apps).

3. I cannot find the price plan, I don’t want to start using it without knowing the plans. In my opinion this deserves its own page on the menu.

4. How does your service compare to others?

5. Not sure if this is important, but I can’t find the authors or who is behind it.

[1] https://petstore.swagger.io/#/pet/getPetById

link
rynn9000 2168 days ago
This is great feedback!

#1 is on our backlog. hopefully we'll add this soon!

#2 agree, we plan to work on this, thanks for pointing it out!

#3 we're still working out the details on the pricing plan, we're hoping people will enjoy using it for free for now. Also we're open to feedback on pricing, feel free to send what you'd expect to pay for a service like this to support@wheelhorse.io

#4 the major differences between wheelhorse and other random number generation services are 1/ it's going to be substantially cheaper than other services because of the way we designed the hardware that generates the random numbers, 2/ it's very fast and easy to understand and integrate with, 3/ we're open to doing custom features / deployments to meet people's specific integration needs.

#5 we're still in the early stages of building this product and are more looking for feedback and early users than anything else. if you'd like details on who we are and what we're trying to do we'd love to talk to you! please send mail to support@wheelhorse.com and we can setup some time to talk on the phone or via zoom.

Also I'd like to point out that we're never going to sell anybody's email address or do any other weird things with people's information. We believe in delivering value honestly and securely.

link
aredbeard 2168 days ago
Thanks for the great feedback!

Regarding the in-browser API, that's a really cool idea. We've added it to our product backlog.

Our sign-in flow is definitely not standard. We thought email-only might be easier for people (since you don't have to remember or set a password) but it seems like it's probably better just to have standard username/password.

Also really good feedback on the pricing plans, we'll get that added ASAP (I think this will also tie into your question #4).

link
stockkid 2169 days ago
Nice work.

1. What do you mean by "true random"? Aren't the bits generated by a hardware pseudo random at best?

2. Why and how should users trust the randomness of a third party solution that they do not control or see the implementation of?

link
aredbeard 2169 days ago
Hey thanks for the great questions! Happy to elaborate on anything below if it's helpful.

1/ It might be easiest to define in terms of suitability for a particular application. As you probably already know there are a number of industry tests which are useful in evaluating the effectiveness of a random number generator (Diehard, NIST, etc). Our service is built on top of industrial-grade hardware that passes these tests and is suitable for use in cryptography.

2/ Great question. It's easier to reason about in the context of specific use cases. For certain applications it increases trust to outsource RNG to a neutral third party that doesn't have a stake in the outcome.

link
aredbeard 2169 days ago
I'll also add that we're considering open-sourcing our implementation of raw hardware bytes => data as a way to build trust and transparency in how we're generating data.
link
saluki 2168 days ago
I always think of this blog post when these posts come up about generating random numbers.

http://gamesbyemail.com/News/DiceOMatic

There is a link to ver 1 built out of Legos.

link