[Cryptography] cheap sources of entropy
Krisztián Pintér
pinterkr at gmail.com
Mon Jan 20 12:54:03 EST 2014
ianG (at Saturday, January 18, 2014, 9:17:17 AM):
> Jon Callas (I think) a long time ago suggested pointing your cheapo USB
> camera at a photographer's grey card in low light. The theory is that
> the cells in a camera seek for information and if they don't see
collecting entropy is easy. extracting entropy is also easy. providing
a general solution that reliably produces entropy is hard. just as an
example, take this camera project. the following questions come up,
from the top of my head:
- what if the camera breaks?
- what if the camera entropy production degrades with time?
- what if lighting conditions change?
- what if the driver is updated, and starts filtering noise?
- what if the driver is updated, and stops producing data?
- what if temperature variations affect entropy production?
- what if an attacker can listen on in EM, and read your camera output?
- what if another software on the same machine can read camera output?
- what if the janitor accidentally unplugs the camera?
in short: if you have an engineer, some free hours to spend, and you
want to generate some randomness at a certain location, with a
specific hardware, in a specific setting, it is always easy to do. but
these solutions do not transfer to different situations, and does not
apply to anyone with no engineer hours to spend.
More information about the cryptography
mailing list