building a true RNG

John S. Denker jsd at monmouth.com
Tue Jul 23 10:14:24 EDT 2002


Eugen Leitl wrote:
> 
> ... framegrabber with a 640x480 24 bit/pixel camera. It doesn't
> compress, is rather noisy, and since self-adjusting I get the maximum
> entropy at maximum darkness.

OK.  Evidently it's dominated by thermal noise, not to
be confused with the Poisson noise recently featured
in another thread.  Not a problem.

> Is there any point in compressing the video before running it through a
> cryptohash? 

There might be a minor point, namely computational efficiency.
A well-chosen compressor might eliminate low-entropy bytes
rather quickly.  Make sure it's a lossless compressor, perhaps
GIF or PNG ... as opposed to a perceptual coder (e.g. JPEG) 
that would presumably throw away some of the entropy.  Calling 
SHA-1 on low-entropy bytes doesn't waste entropy, but wastes CPU
cycles.

> How does e.g. SHA-1 fare with very sparse bitvectors?

1) In any good hash function, any input bit should have
about as much effect on the output as any other input bit.
SHA-1 has been analyzed by experts (of which I am not one :-)
and I would imagine they checked this.

2) There are 5 one-bit shifts in the fivefold expansion, and
lots of 5-bit shifts in the main loop, so it shouldn't matter
that the sparse input bits are clustered in the bottom of the
32-bit words.

3) I performed an amateur kick-the-tires test, namely cobbling
up some sparse input vectors, calling SHA-1, and applying
"standard" statistical tests including Diehard and Maurer's
"universal" statistical test.  To nobody's surprise, the tests 
didn't detect anything.


Arnold Reinhold wrote:
> 
> ... with a portable TV set and a video digitizer 
> should be a good source of high bandwidth noise. In both cases you 
> are just using the receivers as high gain amplifiers of the thermal 
> noise at the antenna terminals.

Thermal noise is good.  Antennas are bad -- just an invitation
to be attacked that way.  Get rid of the antenna.  Keep the high
gain preamp.

Better yet, do as Eugen has done:  Use a framegrabber !!without!! 
the "portable TV set".  No RF section at all.  Plenty of entropy,
lower cost, greater simplicity, and less vulnerability to attack.

For that matter, an audio card (without microphone) produces more
than enough entropy for most applications.

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com
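
An added example, not part of the original message: a small kick-the-tires check in the spirit of point 3, using an avalanche count and a per-bit bias count rather than Diehard or Maurer's test. The input model (16-word blocks with noise only in the two lowest bits of each 32-bit word), the function names and the seeds are assumptions made for illustration.

```python
import hashlib
import random

WORDS = 16  # one 64-byte SHA-1 block, viewed as sixteen 32-bit words


def sparse_block(rng, noisy_bits=2):
    """Constructed stand-in for a dark frame: every 32-bit word is zero
    except for its lowest `noisy_bits` bits."""
    mask = (1 << noisy_bits) - 1
    return b"".join((rng.getrandbits(32) & mask).to_bytes(4, "big")
                    for _ in range(WORDS))


def sha1_int(data):
    """SHA-1 digest as a 160-bit integer, convenient for XOR and bit counts."""
    return int.from_bytes(hashlib.sha1(bytes(data)).digest(), "big")


def avalanche(trials=2000, seed=1):
    """Flip the lowest bit of one randomly chosen word and return the mean
    fraction of the 160 output bits that change (ideal: 0.5)."""
    rng = random.Random(seed)
    changed = 0
    for _ in range(trials):
        block = bytearray(sparse_block(rng))
        before = sha1_int(block)
        word = rng.randrange(WORDS)
        block[4 * word + 3] ^= 1  # last byte holds the low bits (big-endian)
        changed += bin(before ^ sha1_int(block)).count("1")
    return changed / (trials * 160)


def output_bit_bias(samples=4000, seed=2):
    """Hash many sparse blocks and return the largest deviation from 0.5
    in the frequency of ones at any single output bit position."""
    rng = random.Random(seed)
    ones = [0] * 160
    for _ in range(samples):
        digest = sha1_int(sparse_block(rng))
        for i in range(160):
            ones[i] += (digest >> i) & 1
    return max(abs(count / samples - 0.5) for count in ones)


if __name__ == "__main__":
    print("avalanche fraction:", round(avalanche(), 4))
    print("worst output-bit bias:", round(output_bit_bias(), 4))
```

Passing such a check only shows that the hash output carries no obvious trace of the input's sparseness; it says nothing about how much entropy the input actually contained.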