[Cryptography] cheap sources of entropy

Jon Callas jon at callas.org
Mon Jan 27 16:14:00 EST 2014


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


On Jan 19, 2014, at 5:04 PM, Christian Huitema <huitema at huitema.net> wrote:

> The key here is to trust that the camera is not somehow subverted and does
> not feed a "pseudo random" set of bits, just like any hardware that has been
> modified. But then, if the camera truly delivers the pixels that it sees, I
> wonder why I would rely specifically on pointing at a grey card. Simply
> pointing at a landscape or an interior scene will probably provide just as
> much entropy. Minute differences in the location and orientation of the
> camera will cause pixels to shift. In a handheld device like a cell phone,
> we can ask the user to take a series of pictures while randomly moving the
> phone. Hashing  the images will certainly deliver some pretty  good input to
> the entropy bucket.


Sure, whatever.

Let me get down to brass tacks. Apologies for the minor handwave to make my point:

Assume a frame F_i taken from the camera. If the attacker cannot guess the *exact* contents of that frame, even with filters, in-camera JPEG, etc. with an advantage over guessing flips of a fair coin, then it's got one bit of entropy.

So take 512 frames and hash them. Poof you're done.

Extrapolate from there to the case of a frame having N bits of entropy.

	Jon


-----BEGIN PGP SIGNATURE-----
Version: PGP Universal 3.2.0 (Build 1672)
Charset: us-ascii

wj8DBQFS5swfsTedWZOD3gYRAhjbAKDhp4bkSnYOz3aJQdPW85ERRSqtTACfVhE7
hyMrC24ttWbF8KUGeF7yI9U=
=suqA
-----END PGP SIGNATURE-----


More information about the cryptography mailing list