[Cryptography] The ultimate random source

Bill Frantz frantz at pwpconsult.com
Sat Feb 15 01:45:30 EST 2014

On 2/13/14 at 8:08 PM, ashwood at msn.com (Joseph Ashwood) wrote:

>Will these be sufficient? Honestly it depends on the webcam. 
>Using the cheap webcam that is in your laptop, phone, tablet 
>will almost certainly not be enough. You need to have enough 
>precision to actually collect the noise, so you'll be looking 
>for at least 10 stops (10 bits per color) in the camera. These 
>are not that difficult to find, but are notably more expensive 
>than the really, really cheap cameras generally used.

OK, you have two sources of information unknown to the attacker. 
(1) The precise distribution of the candy in the jar. If you 
have a big enough jar and enough different colored candies, that 
alone is probably enough. (2) The quantum noise i the camera 
sensor. Cheaper cameras have poorer sensors and generate more noise.

>As an example of just how bad it can be, even with a camera 
>that is vastly better than the one in your laptop/phone/tablet 
>the GoPro Hero3 Black has a significant amount of apparent 
>noise in the image. This noise is almost exclusively 
>deterministic and can be virtually eliminated with simple post-processing.

This statement is completely wrong. Noise elimination 
post-processing's success does not mean the noise can be 
predicted, only that the image can be changed in a way that is 
pleasing to the human eye where there is less noise, and less 
entropy as a result. (Sensor noise is caused by quantum effects, 
particularly noise in the amplifiers, and so deserves to be 
called entropy.)

When I listen to weak signals on my ham radio, the DSP noise 
suppression isn't based on predicting the noise profile, because 
it to is quantum based. It is based on recognizing the signal as 
compared with the broad spectrum noise, and boosting the signal.

Any algorithm that reduces noise will also reduce the resulting 
entropy, but if you still have noise in the resulting photo, 
some entropy has made it through the processing, and can be 
used. High ISOs are your friend, as is poor noise suppression. 
Look in Popular Photography, dpreview.com, etc. for cameras with 
poor noise performance, and use them.

Cheers - Bill

Bill Frantz        | gets() remains as a monument | Periwinkle
(408)356-8506      | to C's continuing support of | 16345 
Englewood Ave
www.pwpconsult.com | buffer overruns.             | Los Gatos, 
CA 95032

More information about the cryptography mailing list