Carl Ellison
Tue, 20 Feb 2001 08:29:40 -0800
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 At 03:31 PM 2/14/01 +0200, Paul N wrote: > >It is secure to make a onetime pad using 16 bit input from soundcard using >the following algorithm? > >Each bit of the output is the result of XOR-ing all 16 bits from the input >sample... so, for making one byte of "one-time pad", I need 8 samples (16*8 >bits or 16 bytes) of input? > >Of course I allow this only if the cllipping doesn't occurs and there is >nosilence.... > >[I would not feel particularly comfortable merely combining the bits >of a single sample -- distilling entropy using a hash function and >large blocks of input would probably work out better. I'm sure there >will be plenty of opinions around here. --Perry] On a Sun workstation that I used back in about 1990, the particular A/D converters they used (or the card they were in) gave electronic noise in the LSB if there was no microphone plugged in. The entropy of true randomness was about 1 bit every 2 samples and I used to distill randomness as Perry suggested -- with a hash function, after gzip. The trouble is that this source of randomness varies by card. Some show it and some don't. If you leave the mic plugged in, the question becomes how much entropy is in the room noise of the computer that no attacker could learn. It's not really random and it is attackable (e.g., by the attacker's own microphone array), but if you know there is no attacker mic in the room, you might talk yourself into trusting the bits derived this way to be unique to you. I had some command line (UNIX pipe) randomness distilling programs on my web site, before my old ISP lost that site. I will see if I can put them back this weekend. - Carl -----BEGIN PGP SIGNATURE----- Version: PGP 6.5.2 iQA/AwUBOo84J3PxfjyW5ytxEQJVrgCg3RzaQMUflY0Z406P9QwRMaSulu4AoNCz U0O+L7Hm1Os+44EnT2GMmcP9 =KEg7 -----END PGP SIGNATURE----- +------------------------------------------------------------------+ |Carl M. Ellison [EMAIL PROTECTED] http://world.std.com/~cme | | PGP: 08FF BA05 599B 49D2 23C6 6FFD 36BA D342 | +--Officer, officer, arrest that man. He's whistling a dirty song.-+