[Cryptography] Photon beam splitters for "true" random number generation ?
dj at deadhat.com
dj at deadhat.com
Wed Dec 16 18:48:28 EST 2015
> Stephen Wood said:
>> I hope this isn't too off-topic, but for somebody looking for
>> open-source, hardware TRNG for real-world server use, the selection is
>> abysmally low. In fact I can only find two: a single person in San
>> Francisco making them by hand, and the onerng, which became available
>> just this month!
> Stephen, since youâre bringing it up: Iâd like to hear a few opinions
> from the group on that H/W TRNG from WaywardGeek, the one made by hand
> (https://www.tindie.com/products/WaywardGeek/infinite-noise/). My cynical
> gut feeling fires up all kinds of flashing red lights, but I might be
> missing something.
Your behaviour depends on your place in the universe.
If RNGs are not your concern. E.G. you work for the DMV and don't
subscribe to crypto mailing lists, you will use the RNG in your PC. It
will serve you well.
If you designed the RNG in your PC (that's me), you will use the RNG in
your PC. You designed it to provide useful random numbers for users,
regardless of their experience. It will serve me well.
If you are in the business of writing operating systems or crypto
libraries, you might consider it your job to defend your users from evil
untrustable RNGs and so find a way to combine multiple sources, in the
hope that at least one of them is ok. This will work ok providing your
software gets deployed in places where there is at least one good RNG. See
the Mining Your Ps and Qs paper for a classic example of where this
assumption didn't hold.
If you are involved in crypto in some way and know why you need a good
source of entropy and know how to post process the output into
cryptographically useful data and know how to wield a soldering iron, you
might consider it your interests to have an RNG in front of you with an
open design so you can verify for yourself that it does what it is meant
to do. You might check on your preferred mailing list to see what is
available and what is what.
So what's wrong with the noise multiplier thing? Nothing much for feeding
your own desire to have your own physical RNG instance you control and
understand. But it isn't a general solution that will end up in everyone's
PC and phones.
What's wrong with the RNG in people's PCs and phones? The people who know
crypto and didn't design it aren't in a position to convince themselves
it's ok. So they seek out alternatives that make them happy.
So pick the solution that makes you happy.
I built one myself a few weeks ago based on a paper I read about an
entropy source design that flipped a ring oscillator between local
oscillation of each cell with a global loop. It didn't work. At least I
showed the claims of the paper were untrue in the general case. I won't be
selling it online.
More information about the cryptography