[Cryptography] The ultimate random source

Tom Mitchell mitch at niftyegg.com
Fri Feb 14 14:30:21 EST 2014

On Thu, Feb 13, 2014 at 8:08 PM, Joseph Ashwood <ashwood at msn.com> wrote:

> From: Phillip Hallam-Baker

>  I have a solution to the random number generator problem that can be
>> built for about $50 and is completely verifiable.
>> [shake a flask of candy, take a picture]
> I'm not confident it will have as much entropy as you think. The design is
> a fairly basic modification of the lavarand design.

Joe is correct yet a strategy like this removes the ability of a remote
party to predict your RN data stream.

Color saturation of candy will prove to present very clear bias.   Post
processing as is done on Lavarand
is a good start at addressing this.   The papers on Lavarand including the
critical papers are worth
a look.  These papers outline how little, how much entropy you might expect.

Any sensor will have noise at the least significant bit under the correct
situation and an evaluation will help
decide what works.   Be it an 8bit/ 12bit/ 14bit sensor noise is
interesting for the tiny bits so a large sensor
or tiny sensor you are going to have to toss virtually all data except the
LSB if you want to rely on noise rather
than the chaotic location/ movement of candy, bubbles in an aquarium,
leaves in trees.  Garage sale USB
web cams for $5 stuck in a cardboard box could provide noise.

For those looking at programming an Android device, go for it.   There are
ports of Android to
hardware devices (beaglebone black, Raspberry-Pi and many more) with and
without telephone or WiFi radios.
They have a rich environment of hardware sensors including cameras and
enough processor power to do
interesting things.   Development in Java builds on a worthy and portable
programming language.
Used phones have a trade in value of less than $10 so make an offer to any
friend thinking of a trade in.
I use my oldest phone as a WiFi only Netflix/ Pandora/ ChromeCast device so
I do not abuse the battery
of my phone-phone.   So sure it could be used as a home network resource
for local random bits.

Cameras on portable devices are astounding.  One Android application
measures an individuals pulse with the camera
by noting subtle color changes in the skin.   The early Lavarand camera
(SGI personal Iris) was a terrible noisy
bit of camera hardware and did a better job as a noise source than modern
web cameras.

  T o m    M i t c h e l l
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20140214/f38e9fc3/attachment.html>

More information about the cryptography mailing list