[Cryptography] Is Ron right on randomness

Bill Cox waywardgeek at gmail.com
Thu Nov 24 03:28:41 EST 2016


On Wed, Nov 23, 2016 at 7:26 PM, Ron Garret <ron at flownet.com> wrote:

>
> On Nov 23, 2016, at 2:15 PM, Carl Ellison <cme at acm.org> wrote:
> As to “how do you do it”, that is ultimately a judgement call that you
> have to make based on your risk posture and the totality of the
> circumstances.  But my baseline recommendation if you want to be
> exceptionally paranoid is to make an audio recording of some white-ish
> noise (e.g. record yourself saying “Shhh”) and then extract 1% or 0.1% of
> the result.  Of course, you have to do this in a secure environment.  An
> attacker is vastly more likely to compromise you by obtaining a copy of
> this recording than because it didn’t contain enough entropy.
>

I prefer randomness from a source that has a solid physical model and a way
to measure that it is performing according to that model.  There are
several TRNGs that accomplish this, and many that don't (such as zener
noise).

For your example, I agree it would work fine.  However, it would be hard to
characterize the entropy in a recording of "Shhh".  I look at a lot of
recordings of sound (I wrote libsonic to speed up speech).  Even in
recordings of "shhh", generally the next point can be predicted with more
accuracy than I would have thought if I had not looked at the waveforms.
There is a surprising amount of non-randomness.  There's nothing wrong with
going for thermal noise instead.

Bill
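
The predictability point in the message above can be checked numerically. This is an added example, not part of the original post: the signal is constructed (Gaussian noise through a one-pole low-pass filter, an assumption standing in for a hiss recording) and all function names are hypothetical. It compares a per-sample histogram entropy estimate with the estimate left after a one-tap linear predictor.

```python
import math
import random
from collections import Counter

def shannon_bits(symbols):
    """Empirical Shannon entropy of the symbol histogram, in bits per symbol."""
    n = len(symbols)
    return -sum(c / n * math.log2(c / n) for c in Counter(symbols).values())

def constructed_hiss(n, seed=1, a=0.95, sigma=4.0):
    """Constructed stand-in for a hiss recording (assumption, not real audio):
    Gaussian noise through a one-pole low-pass filter, rounded to integers."""
    rng = random.Random(seed)
    x, out = 0.0, []
    for _ in range(n):
        x = a * x + rng.gauss(0.0, sigma)
        out.append(round(x))
    return out

def fit_predictor(samples):
    """Least-squares coefficient for predicting each sample from the previous one."""
    num = sum(p * c for p, c in zip(samples, samples[1:]))
    den = sum(p * p for p in samples[:-1])
    return num / den

def residuals(samples, coef):
    """What is left of each sample after subtracting the prediction."""
    return [c - round(coef * p) for p, c in zip(samples, samples[1:])]

def compare(n=100_000):
    """Return (histogram estimate, estimate after prediction, coefficient)."""
    s = constructed_hiss(n)
    half = n // 2
    coef = fit_predictor(s[:half])      # fit on the first half only
    held_out = s[half:]                 # score on samples the fit never saw
    raw = shannon_bits(held_out)
    res = shannon_bits(residuals(held_out, coef))
    return raw, res, coef

if __name__ == "__main__":
    raw, res, coef = compare()
    print(f"histogram estimate: {raw:.2f} bits/sample")
    print(f"after 1-tap predictor (coef {coef:.3f}): {res:.2f} bits/sample")
    # Both figures are approximate upper bounds on the Shannon entropy rate,
    # not min-entropy; a better predictor would push the second one lower.
```

The gap between the two figures is entropy that a histogram-only assessment would credit to the source but that an observer modelling the waveform would not.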