[Cryptography] Generate Random Data From Sound Card

Jon Callas jon at callas.org
Tue Mar 10 20:55:42 EDT 2026 


> On Mar 9, 2026, at 18:41, John Gilmore <gnu at toad.com> wrote:
> 
> Kent Borg and Jon Callas wrote:
>>>> [...] the Kent who has currency in his wallet with serial numbers of it, and though those serial numbers are in no way "truly random", it is exceedingly likely no one in the world knows what those serial numbers are...
>> Oh, yes. This is one of the points I was trying to make. All we need is something that is arbitrarily hard for an adversary to guess...
> 
> Do you both really believe that that modern ATM machines aren't recording
> the serial numbers of the paper cash that they issue to you?

I don't think it's relevant to the discussion.

I believe that at least one ATM is recording them, and at least one is not recording them. I believe that the ones in cornershops run by some person -- you know, the kind that Barnaby Jack used to dramatic effect -- are likely to be the ones that don't. At the same time, I think that if I went into the bank and got it from a teller, that's pretty unpredictable. (Assuming of course I live in a universe with bank tellers.)

Yeah, the USPS emails me the photos of the mail they're going to deliver, so yeah. I know.

Yet the discussion we had was not only glib, but was discussing natural complexity that is unguessable with a reasonable advantage. (And I'll point out that a fair coin lands tails up about 52% of the time according to some people who have done experiments.) I believe that the government has a *forensic* advantage but not an operational one. Meaning that if they find a banknote, they might be able to know the last ATM it came out of, but not much more.

Let's do a few thought experiments, though.

(1) Alice and Bob want to roll a fair d100 and they don't have any dice. So they have a protocol. Alice picks a number between 1 and 8. Bob pulls a bunch of banknotes out his wallet and fans them face down. Alice picks one bill, and they select two digits from the serial number starting with the digit number (big endian because that's Network Digit Order), and wraps if necessary.

This strikes me as a reasonably fair way to do a d100, in that neither of them can skew the result in ways they want. I also think that 7 is the best number for Alice to pick, because that gets the low-order digits, but there are reasons to pick others. 

Does the government have an advantage here? Can Government Man step out of the shadows and predict the number once the bill is selected face down and do better than a random guess?

(1a) Same as above, but with more than two digits. Three to eight -- does the government still have an advantage, even when the whole serial number is used? 

(1b) Same as above, but they use the bills of Charlie, whom they select by just asking people on the street if they'll play the game of letting them select a bill and using the first Charlie that agrees. (This basically removes sleight of hand manipulation from Alice and Bob, only, at the risk that Charlie is a government agent.) Does this change anything for Government Man trying to predict the digits?

(2) In some suitable Comic Book Universe, a supervillain does some dramatic event and a flourish is that a banknote is left prominently at the scene. Do the superheroes chasing the supervillain get fun plot points? One fun plot point is that they'd know the spacetime coordinates of the ATM that spat it out. Another fun potential plot point is that (cue organ chords) there's no record of these bills in any ATM. There are other interesting potential plot points, like an accomplice who loads the bills face down in the ATM or even more fun, they know the coordinates of the serial number before and after the showpiece banknote, but not that one.

How reasonable is any of this? Does it strain credulity and if so, in which directions? Is it, for example, totally unbelievable that the supervillain could showcase a banknote that is just a banknote?

(2a) Assuming the government knows the matching of the serial number to an ATM, can they detect that the bill came from Miami by teleportation just before the event -- faster than air travel could get it there, essentially in seconds rather than hours. Can the government detect this? Can the supervillain use this as a covert channel to let the superheroes know that they can teleport? 

(2b) Same, but the bill in question is a $100 bill teleported out of some other villain's pile of notes. 

(3) Woz. Steve Wozniak perhaps notoriously gets sheets of two-dollar bills and arranges them into pads where he dramatically tears one off of the pad (or performs a magic trick in which he apparently does this) and hands it to people. Does this change any of our discussion, especially in (1) above; as an example, assume Bob fans out twentyish bills that are all from Woz, does it change anything? 

(By the way, the web site for the Federal Reserve has a FAQ. Question #11 is "Where can I get $2 bills?" and question #12 is "Where can I purchase uncut sheet [sic] of currency?" There's a link to the Bureau of Printing and Engraving site to order them. Question #17 is "Is it legal for a business in the United States to refuse cash as a form of payment?" I got this from a pretty obvious search along with some interesting relevant patents.)

My intuitions are as follows:

For all of the Alice/Bob d100 games, no one has a real advantage, even the government, even with Woz's bills, *especially* if Alice picks the low two digits. I know from having talked to Woz that he gets "two to five grand" worth of bank notes, so his primary cache is 1,000 to 3,000 bills. To me, that means that there's a big enough (oh, dear me, I'm going to say the E-word) entropy pool that it's still random with the low digits. Real world complexity for the win.

I think that any serial number surveillance is bulk, ephemeral, and stochastic. Meaning they don't try to remember every serial number, there aren't chains kept, and that the system is designed for money-laundering related forensics. Thus, unless Bob (or Charlie) is in a world like that, there's not a lot of information leaks.

It is my intuition that if I seeded an RNG by typing in all the serial numbers of the bank notes in my wallet and then hashing the result, there'd be a hundred or three bits worth of unpredictability there. I also know that a card up my sleeve is that my protocol has the unpredictability of the order of the bills. I also know that I got change at the farmers market last weekend and that stirs the system. I'm also willing to believe my intuition is wrong, but hey, it's intuition!

	Jon

More information about the cryptography mailing list