[Cryptography] Radioactive random numbers

Chris Kuethe chris.kuethe at gmail.com
Wed Sep 11 19:57:58 EDT 2013

(curse you anti-gmail-top-posting zealots...)

On Wed, Sep 11, 2013 at 3:47 PM, Dave Horsfall <dave at horsfall.org> wrote:

> Another whacky idea...
> Given that there is One True Source of randomness to wit radioactive
> emission, has anyone considered playing with old smoke detectors?

Yep. For fun I wrote a custom firmware for the Sparkfun Geiger counter to
do random bit or byte generation that I could mix into my system's entropy
pool. I'll eventually update the code to also work with the ExcelPhysics

acknowledging some prior art: http://www.fourmilab.ch/hotbits/

The ionising types are being phased out in favour of optical (at least in
> Australia) so there must be heaps of them lying around.

There are heaps of them at big-box retailers in the US, with no sign of
going away. I got a couple for $5 each.

> I know - legislative requirements, HAZMAT etc, but it ought to make for a
> good thought experiment.

Low activity sources seem to be fairly unencumbered. There are plenty of
places that will sell calibrated test sources or lumps of random ore for
educational use. Then you get to tell people funny stories about the time
you bought radioactive material on the internet, and someone else gets to
do the compliance paperwork (if necessary).

Homebrew geiger counter rigs aren't exactly practical or scalable - I don't
want to make my datacenter guys cut open a case of smoke detectors and
solder a dozen GM tubes so we can have good random numbers. A better
solution might be to use one of the various thumb-drive sized AVR-USB
boards: load in a simple firmware to emulate a serial port, and emit
samples from the onboard ADCs and RC oscillators... no soldering required.

I was going to say that it's simple to inspect the code - even the
generated assembly or the raw hex - for undesired behavior, then I
remembered the USB side is non-trivial. If you're not using the onboard USB
hardware it's much easier to verify that you're only doing an ADC sample, a
timer read, a couple of comparisons, a UART write, and nothing else
(assuming you offload the whitening to your host's entropy pool).

GDB has a 'break' feature; why doesn't it have 'fix' too?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20130911/68eb9cfc/attachment.html>

More information about the cryptography mailing list