Re: True random numbers wanted

From: Eugen Leitl (eugen@leitl.org)
Date: Sun Sep 01 2002 - 05:21:07 MDT


On Sun, 1 Sep 2002, Anders Sandberg wrote:

> If you don't need excessive numbers or absolute certainty they are
> not copied somewhere else, one possibility might be to use HotBits to
> get real random numbers over the net: http://www.fourmilab.ch/hotbits/
> There are also descriptions of the hardware used.

This is a shared secret, though. Unless you replicate the setup in your
home.
 
> Intel seems to have one generator:
> http://www.intel.com/design/security/rng/rngfaq.htm

Whenever I need true randomness, I can just use a cryptohash (SHA-1 is a
good choice) on a source of noise (video cam, noisy audio).

I haven't estimated it for my current setup, but you might get ~100 bits
of entropy/line of video source, if it's noisy enough (use CMOS sensors,
switch off compression, put the cam in a dark box). 100*480*30 (or 7, if
you're using a USB cam). That's ~500 kBps/s of raw entropy for USB. If
you hash ~500 bits of it with SHA-1, you've got ~2 kBit/s of true random
numbers.

If you need just a few bits on the quick, I do something like this:

[eugen@hydrogen eugen]$ sha1sum /var/www/html/webcam.jpeg
b30d84044fcd21f557ca921d2a51957ec154203b /var/www/html/webcam.jpeg
[eugen@hydrogen eugen]$ sha1sum /var/www/html/webcam.jpeg
c1d9b86ac57d80910c7a8854d6b684d92f83651b /var/www/html/webcam.jpeg

Similar calculations apply to audio. If you're unwilling to solder a
noise generation circuit, just stick a microphone near your exhaust fan,
and jack up the amplification. The sampling rate is much lower (~40
kSamples/s), and you'll need several samples for one bit of entropy (you
have to measure/estimate), so the generation rate will be accordingly
lower.

Intel hardware generator is way quicker, but this assumes you trust Intel
with generation of your one-time pad (I don't; notice that any of the
above should be done on a (diskless) air-gapped machine which you wipe
afterwards for extra paranoia). It will do fine for anything else, though.
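
The hashing step described in the message above, as an added example that is not part of the original post: raw noise is absorbed into SHA-1 and a 160-bit digest is released only once the estimated entropy of the input reaches the ~500 bits the post suggests. The histogram-based estimate, the chunk size, the function names and the sample data are assumptions made for this illustration.

```python
import hashlib
import math
from collections import Counter

ENTROPY_PER_DIGEST = 500  # estimated input bits per 160-bit output (figure from the post)

def min_entropy_per_byte(samples: bytes) -> float:
    """Most-common-value estimate, -log2(p_max), in bits per byte.
    Assumes independent samples, so it overstates correlated sources."""
    if not samples:
        return 0.0
    p_max = max(Counter(samples).values()) / len(samples)
    return -math.log2(p_max)

def condense(raw: bytes, chunk: int = 4096) -> list:
    """Absorb raw noise into SHA-1 chunk by chunk and release a digest only
    once the credited entropy of the absorbed input reaches the threshold."""
    digests, h, credited = [], hashlib.sha1(), 0.0
    for i in range(0, len(raw), chunk):
        piece = raw[i:i + chunk]
        h.update(piece)
        credited += min_entropy_per_byte(piece) * len(piece)
        if credited >= ENTROPY_PER_DIGEST:
            digests.append(h.digest())
            h, credited = hashlib.sha1(), 0.0
    return digests  # input below the threshold is dropped, never emitted

# Constructed sample data (not real captures, and carrying no real entropy):
# a stuck sensor, and a dark frame where 41 of every 4096 bytes differ from
# the black level. They only exercise the entropy accounting.
STUCK = bytes([16]) * (4096 * 20)
WEAK_CHUNK = bytes([17]) * 41 + bytes([16]) * 4055

if __name__ == "__main__":
    print("stuck sensor  :", len(condense(STUCK)), "digests")
    print("weak, 8 chunks:", len(condense(WEAK_CHUNK * 8)), "digests")
    print("weak, 9 chunks:", len(condense(WEAK_CHUNK * 9)), "digests")
```

A stuck or saturated sensor is credited zero bits and produces no output, which is the failure a bare sha1sum over the image file would hide.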


