[Cryptography] Photon beam splitters for "true" random number generation ?

Jerry Leichter leichter at lrw.com
Wed Dec 30 20:54:27 EST 2015

> That's known to be not good enough.  The device could quite
> plausibly have twice as much storage as you think it does,
> and who knows what is lurking in the hidden half.
It could be much more than half.  Looking just at USB sticks, you can buy them with capacities from 16MB (pretty rare these days) up to at least 256GB, in multiples of two.  No one runs lines at all those points.  They run a couple of lines at some maximum size, then bin the chips based on how much memory is actually good, rounding down to the nearest power of two since that's the way the industry has chosen to market them.  (There's absolutely nothing other than marketing preventing someone from selling 765MB USB sticks.  In fact, some SSD's are sold at non-power-of-two sizes - e.g., 480 and 960GB.)

The "half" you refer to may well be the almost-half that's left over in rounding down to a power of two - at least some part of which will be dedicated to spares.  (Actually, a chip might have to be rounded down by a further factor of two to provide some minimum number of spares.)

However, just because the rest of the stick tested bad, doesn't mean it's actually fully unusable.  It may work but not completely reliably, or some cells may work while others don't.  This stuff will be useless for the purposes for which the stick is sold  - but given suitably written software, it could be used for all kinds of special, hidden purposes.

Story from years back:  The CDC 6600 - the supercomputer of the early 1970's - could be purchased with either (I think) 128KW (Kilo-Words - a word was 60 bits) or 256KW of main memory.  NYU purchased one.  They asked for the 128KW version.  CDC tried to convince them that they should really get the full 256KW.  But the institution had a grant and couldn't swing the extra money - probably a couple of hundred thousand in those days.  So CDC finally delivered a 128KW version.  But ... the developers who played around with the machine found that they could actually get at memory beyond the 128KW limit.  Writes and reads to it ... worked just fine.  In fact, what they eventually determined was that the machine they had came equipped with the full 256KW - CDC had just made a special patch to their copy of the OS to have it limit itself to the lower half.  A source within CDC eventually explained to them that CDC listed a 128KW option, but that they didn't really expect anyone to buy one: If you were spending the tens of millions one of these things cost, you were not going to go short on main memory.  NYU was, in fact, the first customer to buy one of the "small memory" configurations - and CDC hadn't actually worked out the necessary manufacturing changes to build one.  So they just shipped the configuration they had and patched the OS.

(During the anti-Vietnam-war protests of the late 1960's, a group took over the machine room in which the CDC 6600 was stored.  They held it hostage - and when they left, the left behind some incendiary devices on long fuses.  The machine was barely saved from destruction by some faculty members - the story was recently retold.  What I heard from people there was that they would not have minded so much if the machine had been torched:  Insurance would have replaced it, but the replacement would not have been one of the very early runs - I think serial number 4 - which was too early to support Extended Core Storage, which used slower but cheaper memory - we're talking magnetic core in those days - as a kind of I/O device.  The fact the machine was such an early model makes the story about main memory more believable.)

                                                       -- Jerry

More information about the cryptography mailing list