building a true RNG (was: Quantum Computing ...)

Joseph Ashwood ashwood at msn.com
Tue Jul 23 17:06:40 EDT 2002


----- Original Message -----
From: "Eugen Leitl" <eugen at leitl.org>
Subject: Re: building a true RNG (was: Quantum Computing ...)


> I've got a framegrabber with a 640x480 24 bit/pixel camera. It doesn't
> compress, is rather noisy, and since self-adjusting I get the maximum
> entropy at maximum darkness.

> Is there any point in compressing the video before running it through a
> cryptohash?

It will not serve a cryptographic use; however, if you can find a fast enough
truly lossless compressor it can be very useful. Since I assume you'll be
taking a picture purely in the dark, a usable compressor would be (please
pardon the severely abused pseudo-code)

SHA1 pool

on_pixel
{
    if pixel is not black
        SHA1_update(pool, pixel, pixel coordinates);
}

get_random()
{
    SHA1 temp
    SHA1_update(pool, "1")
    temp = SHA1_duplicate(pool)
    return SHA1_finalize(temp)
}

> How does e.g. SHA-1 fare with very sparse bitvectors?

It is believed to fare quite well, and considering that the line for proper
entropy distillation is actually well below the line for cryptographic
security, SHA-1 is likely to remain very good for this purpose. If you are
more concerned about speed than maximum entropy containment (or require less
than 128 bits of entropy) you might also consider MD5. If you are extremely
concerned about this (and are willing to lose a few other desirable
behaviors) it is possible to use a block cipher, basically in CBC mode, to
accumulate entropy; this has the advantage that under some reduced
assumptions it is possible to compute the maximal entropy of the state at a
given time.
                Joe
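
The pool sketched in the pseudo-code above, as an added runnable Python example that is not part of the original message. The names PixelPool and make_frame, the fixed-width (x, y, rgb) record and the exact-zero test for "black" are assumptions made for illustration.

```python
import hashlib
import struct


class PixelPool:
    """SHA-1 pool fed by the non-black pixels of dark camera frames."""

    def __init__(self):
        self._pool = hashlib.sha1()
        self.absorbed = 0  # number of pixels mixed in so far

    def absorb_frame(self, frame, width, height):
        """frame: bytes holding width*height RGB triples (24 bit/pixel)."""
        if len(frame) != width * height * 3:
            raise ValueError("frame size does not match dimensions")
        for i in range(width * height):
            pixel = frame[3 * i:3 * i + 3]
            if pixel == b"\x00\x00\x00":
                continue  # black pixel: skipped, as in on_pixel
            x, y = i % width, i // width
            # Assumption: a fixed-width record (x, y, r, g, b) so that two
            # different sets of lit pixels can never serialize identically.
            self._pool.update(struct.pack(">HH3s", x, y, pixel))
            self.absorbed += 1

    def get_random(self):
        """Return 20 bytes while leaving the pool open for more input."""
        self._pool.update(b"1")  # advance the state so successive outputs differ
        # hashlib's digest() does not close the object; the copy is kept
        # only to mirror the duplicate-then-finalize step of the pseudo-code.
        return self._pool.copy().digest()


def make_frame(width, height, lit):
    """Constructed sample: a black frame with {(x, y): rgb_bytes} pixels set."""
    buf = bytearray(width * height * 3)
    for (x, y), rgb in lit.items():
        off = 3 * (y * width + x)
        buf[off:off + 3] = rgb
    return bytes(buf)


if __name__ == "__main__":
    pool = PixelPool()
    pool.absorb_frame(make_frame(8, 4, {(1, 2): b"\x03\x00\x01"}), 8, 4)
    print(pool.absorbed, pool.get_random().hex(), pool.get_random().hex())
```

Because the coordinates go into the hash along with the value, the same noisy pixel at a different position produces a different pool state, which is what makes skipping the black pixels lossless.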



---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com


