[Cryptography] Photon beam splitters for "true" random number generation ?

ianG iang at iang.org
Sun Dec 27 09:54:31 EST 2015

On 25/12/2015 21:01 pm, Arnold Reinhold wrote:

>> By way of contrast, taking the SHA sum of a photo can be done in O(1
>> second), including the process of actually taking the photo.  Maybe
>> O(10 seconds) if you need to transfer the photo from one device to
>> another.  Faster, more convenient, and every bit as random as dice or
>> coins.  Hence superior in every conceivable way for the generation of
>> crypto keys.
> Not quite. As others have pointed out, if the image is stored in SSD, it
> may be hard to erase. One could write a program that accessed the camera
> directly and never stored the image in memory. That would not be too
> hard on, say a Raspberry Pi with a camera module, but that is another
> program to write and verify and the Pi is not open source hardware. As
> some else said, “It’s turtles all the way down.” Well dice are turtle free.
> You could well argue that the computer we do our encryption on are not
> turtle free either, and I agree that is a big problem. I think the best
> solution is to move crypto to much small computers with single CPUs, no
> OS, and memory systems that can be erased, but that is another
> discussion. In the meantime, I would argue that removing one stack of
> turtles is not silly.

The process we developed at CAcert was:

1.  Everyone brings their favourite RNG on their laptop.  I used laptop 
photos of a white card in lowlight, similar to above, and hashed every 
photo.  One person used John Denker's audio device.  Another used the 
OpenSSL RNG ;-)

2.  Each feed was then transferred on USB stick to a single offline 

3.  All feeds were then combined (XOR'd together and hashed) by a 1 page 
C program.  Result was fed into the key generation process.

4.  After successful key generation, the single computer and the USB 
sticks were destroyed.

5.  All steps were supervised in the open by all.

The goal of the process was to create a good RNG, even if N-1 
conspirators were able to slide in their borrowed NSANGs.


More information about the cryptography mailing list