Can the human brain generate cryptographically secure random numbers?
A security conscious friend of mine was attempting to generate entropy using random dice rolls to generate a random password, and I became curious about the security of random number generators and whether or not she could do the same by simply thinking of random dice rolls. Would it compromise the security of password/key generation to use human-generated random numbers instead of random numbers from a dice or a secure random number generator?
I can see how the standard random number generators included in many programming languages might not be cryptographically secure in known and exploitable ways, but how about the random numbers generated by the brain? When I asked her, she stated that humans were terrible at generating entropy, but I'm not sure that this is the case. How do humans rank in the generation of key entropy and would it be possible for a human mind to take the place of random number generator for key/password generation without being exploitable?
