[Cryptography] cheap sources of entropy
Tom Mitchell
mitch at niftyegg.com
Mon Jan 20 16:49:09 EST 2014
On Mon, Jan 20, 2014 at 8:46 AM, <dj at deadhat.com> wrote:
>> ianG <iang at iang.org> writes:
>>
>>>cheapo USB camera..
> ..
>> unless your camera, or the driver software, is doing postprocessing
>
>
> This is the generic form of the "where do I get entropy discussion":
>
I am seeing two discussions in this thread: Getting "quality random bits" and
getting "entropy".
I suspect the difference is important and almost interchangeable but not quite.
Entropy bits do need to be processed one way or another to negate any
observable bias. Random bits only need to have their distribution
understood and if necessary compensated for. i.e. some data is not 1&0 data
so a gaussian distribution or other distribution (dice) needs to be managed.
Entropy example: Cameras looking at leaves through a fish tank with a
bubbler would have
a color temperature and other image content artifacts that need to be scrubbed
with a good hash.
Random example: Radiation detector and a 50% charge pump (like)
device adjusting the
sample rate/window so the bit stream maintains a nice balance of 1&0
over a long enough
period of time. Perhaps N detectors and one source for better
capture or improved
data generation rates.
Distributions are interesting.... since language is not random.
Distribution related information
can leak through when the content is processed by a true 50/50 random
bit set. Some "random"
bits sets should not be true random, simply impossible to predict yet
well chosen to not leak info.
Perhaps bank transactions would look like bank transactions....
--
T o m M i t c h e l l
More information about the cryptography
mailing list