[Cryptography] Is Ron right on randomness

Bill Cox waywardgeek at gmail.com
Thu Nov 24 03:28:41 EST 2016

On Wed, Nov 23, 2016 at 7:26 PM, Ron Garret <ron at flownet.com> wrote:

> On Nov 23, 2016, at 2:15 PM, Carl Ellison <cme at acm.org> wrote:
> As to “how do you do it”, that is ultimately a judgement call that you
> have to make based on your risk posture and the totality of the
> circumstances.  But my baseline recommendation if you want to be
> exceptionally paranoid is to make an audio recording of some white-ish
> noise (e.g. record yourself saying “Shhh”) and then extract 1% or 0.1% of
> the result.  Of course, you have to do this in a secure environment.  An
> attacker is vastly more likely to compromise you by obtaining a copy of
> this recording than because it didn’t contain enough entropy.

I prefer randomness from a source that has a solid physical model and a way
to measure that it is performing according to that model.  There are
several TRNGs that accomplish this, and many that don't (such as zener

For your example, I agree it would work fine.  However, it would be hard to
characterize the entropy in a recording of "Shhh".  I look at a lot of
recordings of sound (I wrote libsonic to speed up speech).  Even in
recordings of "shhh", generally the next point can be predicted with more
accuracy than I would have thought if I had not looked at the waveforms.
There is a surprising amount of non-randomness.  There's nothing wrong with
going for thermal noise instead.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20161124/b59ddd6f/attachment.html>

More information about the cryptography mailing list