[Cryptography] Thoughts on hardware randomness sources

Marcus D. Leech mleech at ripnet.com
Thu Sep 12 23:06:06 EDT 2013

On 09/12/2013 10:38 PM, Thor Lancelot Simon wrote:
> The audio subsystem actually posed *two* obvious opportunities: 
> amplifier noise from channels with high final stage gain but connected 
> by a mixer to muted inputs, and clock skew between system timers and 
> audio sample clocks. The former requires a lot of interaction with 
> specific audio hardware at a low level, and with a million different 
> wirings of input to mixer to ADC, it looks hard (though surely not 
> impossible) to quickly code up anything generally useful. The latter 
> would be easier, and it has the advantage you can do it 
> opportunistically any time the audio subsystem is doing anything 
> *else*, without even touching the actual sample data. Unfortunately, 
> both of them burn power like the pumps at Fukushima, which makes them 
> poorly suited for the small systems with few other sources of entropy 
> which were one of my major targets for this. So they are still sitting 
> on some back back back burner. Someday, perhaps... Thor 
There are a class of hyper-cheap USB audio dongles with very 
uncomplicated mixer models.  A small flotilla of those might get you 
some fault-tolerance.
   My main thought on such things relates to servers, where power 
consumption isn't really much of an issue.   Similarly these hyper-cheap 
   DVB-T dongles based on the RTL2832U can be made to run in "SDR" mode, 
and give you a basebanded sample stream of a wide variety of tuned
   RF frequencies--put a terminator on the input, chose your frequency, 
crank up the gain, and pull samples until you're bored....

This topic has suddenly become interesting to me in my work life, so I'm 
currently looking at the sensors API for Android.  I thought I had left 
Android work
   behind, but it's coming back to haunt me.  I was playing with the 
sensor outputs on a Nexus tablet today, and it has an impressive array 
of sensors.
   I suspect each of them could contribute a few bits/second of entropy 
without too much trouble.  More investigation is necessary.

More information about the cryptography mailing list