Hash: SHA1

At 03:31 PM 2/14/01 +0200, Paul N wrote:
>It is secure to make a onetime pad using 16 bit input from soundcard using
>the  following algorithm?
>Each bit of the output is the result of XOR-ing all 16 bits from the input 
>sample... so, for making one byte of "one-time pad", I need 8 samples (16*8 
>bits or 16 bytes) of input?
>Of course I allow this only if the cllipping doesn't occurs and there is 
>[I would not feel particularly comfortable merely combining the bits
>of a single sample -- distilling entropy using a hash function and
>large blocks of input would probably work out better. I'm sure there
>will be plenty of opinions around here. --Perry]

On a Sun workstation that I used back in about 1990, the particular A/D
converters they used (or the card they were in) gave electronic noise in the
LSB if there was no microphone plugged in.  The entropy of true randomness
was about 1 bit every 2 samples and I used to distill randomness as Perry
suggested -- with a hash function, after gzip.

The trouble is that this source of randomness varies by card.  Some show it
and some don't.

If you leave the mic plugged in, the question becomes how much entropy is in
the room noise of the computer that no attacker could learn.  It's not really
random and it is attackable (e.g., by the attacker's own microphone array),
but if you know there is no attacker mic in the room, you might talk yourself
into trusting the bits derived this way to be unique to you.

I had some command line (UNIX pipe) randomness distilling programs on my web
site, before my old ISP lost that site.  I will see if I can put them back
this weekend.

 - Carl

Version: PGP 6.5.2


|Carl M. Ellison         [EMAIL PROTECTED]     http://world.std.com/~cme |
|    PGP: 08FF BA05 599B 49D2  23C6 6FFD 36BA D342                 |
+--Officer, officer, arrest that man. He's whistling a dirty song.-+

Reply via email to