I don’t think I’d trust quantum randomness to generate cryptographically secure passwords or encryption keys. At least not for anything important.
Here’s the problem. When you use quantum randomness, you are giving demons a perfect opportunity to sabotage you. Ok, let’s step back, because you’re probably saying “What the…” right now.
Of course, we don’t know that demons exist. Let’s face it, scientific investigations into supernatural beings have consistently shown no evidence of them. So, if demons do exist, their effects are going to be subject to the laws of physics; thus, the only chance they have to manipulate things in the real world is through non-deterministic processes. That means quantum effects.
Furthermore, whatever effect they have has to also obey quantum probabilities (otherwise it would be a violation of the second law of thermodynamics, which is a statistical law, yes, but if demons made a habit of breaking it, we’d notice). This severely limits what the hypothetical quantum demons could do. Because of the second law, quantum effects rarely come into play in the macroscopic world.
But it can become an issue when scientists start rigging the real world to react to quantum effects. The classic thought experiment is, of course, Schrödinger’s cat. (Briefly, the scientist puts a cat in a box with a vial or poison gas. The vial is hooked up to a Geiger counter, and will release its gas if the Geiger counter detects an alpha particle. The counter is aimed at a sample that has a 50% chance of releasing a an alpha particle in one hour.) Now, suppose a scientist sets up a Schrödinger’s cat experiment. And condsider that there is no scientific test that can distinguish between a natural random decay and a demon-manipulated decay. This means, if there is a demon who really, really hates that cat, then that cat is pretty much dead meat. (Well, it’s not dead meat until the scientist opens the box and observes it, but you get the idea.)
The only limitation that a demon has is that, if the scientist decides to run 100 Schrödinger’s cat experiments, the demon will have to keep the results to around 50 alive / 50 dead. If the demon hates all cats then there’s not much it can do, it can only kill about half of them. However, if the demon hates just one cat, you can bet that cat will be among the dead.
Now, instead of this silly cat experiment, let’s say we’re using quantum randomness to generate encryption keys to secure important data. A demon wanting to sabotage your data security can potentially manipulate the random values to introduce a weakness into the key.
Now, I’m not saying demons exist. They probably don’t. But still, if I had something really important hanging in the balance, I’m not so sure I’d trust demons not to exist.
Note: I’m only being half tongue-in-cheek about this.
I don’t really think there are demons manipulating quantum interactions. But if push comes to shove, and something really, really important is on the line, this is something I would think about when choosing a strategy. If I needed an absolutely secure key to stop a nuclear missle launch, I’m not so sure I’d trust a quantum random key when a deterministic, pseudo-random key can be nearly as secure.
On the other hand, if the situation were dire, let’s say maybe I was trying to brute force a password override to stop the nuclear launch, I’d maybe consider using quantum random values while praying that a benevolenet demon could help find the code faster.