David Honig
Sat, 17 Feb 2001 14:58:48 -0800
At 03:31 PM 2/14/01 +0200, Paul N wrote:
>
>Is it secure to make a one-time pad using 16 bit input from a soundcard using the
>following algorithm?
>Each bit of the output is the result of XOR-ing all 16 bits from the input
>sample... so, for making one byte of "one-time pad", I need 8 samples (16*8
>bits or 16 bytes) of input?

This was (more than) sufficient distillation for FM-hiss when I experimented
with that. You have to measure the entropy of your distillate, to *know*,
rather than hope. You should also measure the entropy of your raw
measurements ---I expect ambient noise is lower entropy than hiss. Beware of
(periodic) hum.

>Of course I allow this only if clipping doesn't occur and there is
>no silence....

Suggestion: Interstation FM hiss is higher-volume and higher bandwidth than
ambient noise. But again, you can measure this.

>[I would not feel particularly comfortable merely combining the bits
>of a single sample -- distilling entropy using a hash function and
>large blocks of input would probably work out better. I'm sure there
>will be plenty of opinions around here. --Perry]

A secure hash will only obscure entropy measurement (a good hash gives
1 bit/symbol *apparent* entropy even if only a few input bits change
infrequently). You must measure your distillate's entropy before hashing if
you hash. If you do get a distillate that passes the tests, there is really
no need for hashing ---though it can't hurt IFF the input is 1 bit/symbol.

So, how to measure entropy? Use Shannon's entropy formula, use Maurer's
sequence-sensitive but equally fast test, and use the Diehard suite to really
look for structure. In a OTP, after creating a pad, your program should run
these tests on the pad as a quality check.

With these tools you can really do science and measure the effect of various
distilling functions.

Don't trust, measure.

.......

"What company did you say you were from, Mr. Hewlett?"
---Walt Disney to Bill Hewlett
eetimes 22.01.01 p 32
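The quoted XOR-folding distiller and the "measure, don't hash first" argument, as an added example (not code from the post or its participants): 16-bit samples are folded to one pad bit each, and the order-0 Shannon estimate is taken on the raw stream, on the distillate, and on a hashed copy of the raw stream. The two sample sources are constructed stand-ins for FM hiss and for a near-silent input; the hash-conditioning step (SHA-256 over 32-byte blocks with a counter mixed in) is an assumption about how one might "hash large blocks of input".

```python
import hashlib
import math
import random
from collections import Counter

def shannon_bits_per_byte(data: bytes) -> float:
    """Order-0 Shannon entropy of the byte histogram; 8.0 is the ceiling.
    A floor check only: blind to order, hence Maurer's test and Diehard."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def fold16(sample: int) -> int:
    """XOR all 16 bits of one sample into one pad bit (its parity)."""
    return bin(sample & 0xFFFF).count("1") & 1

def distill(samples: list) -> bytes:
    """Eight 16-bit samples -> one pad byte, as in the quoted algorithm."""
    out = bytearray()
    for i in range(0, len(samples) - len(samples) % 8, 8):
        byte = 0
        for s in samples[i:i + 8]:
            byte = (byte << 1) | fold16(s)
        out.append(byte)
    return bytes(out)

def raw_bytes(samples: list) -> bytes:
    return b"".join(s.to_bytes(2, "little") for s in samples)

def hash_condition(data: bytes) -> bytes:
    """Assumed conditioner: SHA-256 over 32-byte blocks, counter mixed in.
    Output length equals input length, so the two are comparable."""
    return b"".join(hashlib.sha256(i.to_bytes(4, "big") + data[i:i + 32]).digest()
                    for i in range(0, len(data) - len(data) % 32, 32))

def hiss_samples(n: int, rng: random.Random) -> list:
    """Constructed stand-in for interstation FM hiss: full-range noise."""
    return [rng.getrandbits(16) for _ in range(n)]

def quiet_samples(n: int, rng: random.Random) -> list:
    """Constructed stand-in for a nearly silent input: a DC offset plus one
    low bit that flips only 5% of the time (very little real entropy)."""
    return [0x0800 | int(rng.random() < 0.05) for _ in range(n)]

def measure_source(kind: str, n: int = 64000, seed: int = 2001) -> dict:
    """Bits/byte for raw input, XOR distillate and hashed raw input.  The
    hashed figure looks perfect for both sources; the distillate does not."""
    rng = random.Random(seed)
    samples = (hiss_samples if kind == "hiss" else quiet_samples)(n, rng)
    raw = raw_bytes(samples)
    return {"raw": shannon_bits_per_byte(raw),
            "distilled": shannon_bits_per_byte(distill(samples)),
            "hashed": shannon_bits_per_byte(hash_condition(raw))}

if __name__ == "__main__":
    for kind in ("hiss", "quiet"):
        print(kind, {k: round(v, 2) for k, v in measure_source(kind).items()})
```

For the quiet source the distillate measures roughly 2.3 bits per pad byte while the hashed raw stream measures close to 8, which is exactly the obscuring effect the post warns about.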