On 15/09/11 02:36, Sandy Harris wrote:
> RFC 1750 has been obsoleted by 4086
> http://tools.ietf.org/html/rfc4086

Thanks, I didn't realise. Seems like the section on using existing sound/video input is unchanged.

> There's code for an RNG available, based on a sound card with no mic
> connected, with a good analysis of the thermal and other noise used.
> http://www.av8n.com/turbid/

I have some concerns about Turbid. As far as I can tell, it works by sampling noise from a soundcard with nothing connected, calculating a theoretical lower bound on the entropy of the noise, and using that lower bound to determine how much noise to feed into a hash function (SHA-1) to ensure 160 bits of entropy in the hash function's 160-bit output. It's a clever approach, but one thing makes me nervous: the lower bound is based on the assumption that the noise from the soundcard is white noise. Possible sources of non-white noise (e.g. interference from the power supply, which would produce a periodic "hum") are mentioned in section 6.4 of the paper, but it's assumed that they can only add to the entropy of the sampled noise. In a general sense that's true: adding a signal to white noise, even a totally predictable signal, doesn't produce a combined signal that's any more predictable than the white noise alone. But in a more specific sense it's problematic, because you can't determine the volume of the white noise from the volume of the combined signal, and I *think* that's what Turbid's calibration process tries to do. If I'm right, the presence of non-white noise might cause Turbid to overestimate the amount of white noise available from the soundcard, in which case it wouldn't feed enough noise into the hash function to ensure a high-entropy output.

I say "might" because I don't really understand how Turbid's calibration process works. For each model of soundcard you have to calculate some parameters by soldering cables, playing test tones and taking measurements with a voltmeter. How that produces an estimate of the amount of white noise, as opposed to noise-of-all-colours, I can't tell.

Maybe someone who understands the maths better than I do can explain?

> If you are actually constructing an RNG, though, it is better not to
> discard any possible entropy. If you're sure there's no more than
> one bit per sample, take the parity of the sample rather than
> just the low-order bit. If there might be more than one, take the
> sample modulo something that is not a power of two.

Ah, thanks, the parity idea makes sense. Could you explain how the modulo idea works?

Cheers,
Michael

_______________________________________________
Freedombox-discuss mailing list
[email protected]
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss
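The three extractors discussed in the thread (low-order bit, parity of the sample, sample modulo a non-power-of-two), as an added example that is not from the thread and is not Turbid's code. The reason the modulo suggestion works is that a sample reduced mod 2^k depends only on its low k bits, whereas for an odd modulus m no power of two is a multiple of m, so every bit of the sample influences the residue, and a residue mod m can carry up to log2(m) bits instead of one. The soundcard model below (DC offset, hum amplitude and period, noise level, stuck least-significant bit) is a constructed simulation with invented figures; the stuck bit is a converter defect chosen to show what each extractor does when the noise is not where the naive extractor looks for it.

```python
import math
import random
from collections import Counter

# Constructed model of an idle soundcard ADC (all figures invented for
# illustration): a large DC offset, a little Gaussian noise, a periodic
# "hum" from power-supply interference, and, optionally, a stuck
# least-significant bit, a defect some converters have.
DC_OFFSET = 0x7F00     # idle level of the 16-bit converter
NOISE_LSB = 3.0        # standard deviation of the white noise, in LSBs
HUM_AMPLITUDE = 40     # peak amplitude of the interference, in LSBs
HUM_PERIOD = 50        # samples per hum cycle


def sample_adc(rng, index, stuck_lsb):
    """Return one constructed 16-bit sample; rng is a seeded random.Random."""
    hum = HUM_AMPLITUDE * math.sin(2 * math.pi * index / HUM_PERIOD)
    value = int(round(DC_OFFSET + hum + rng.gauss(0, NOISE_LSB)))
    value = max(0, min(0xFFFF, value))
    if stuck_lsb:
        value &= ~1            # the converter never sets bit 0
    return value


def low_bit(sample):
    """The naive extractor: keep only the least-significant bit."""
    return sample & 1


def parity(sample):
    """XOR of all sixteen bits, so noise in any bit position reaches the output."""
    return bin(sample).count("1") & 1


def residue(sample, modulus=3):
    """Sample modulo a non-power-of-two.  2**k mod m is never 0 for odd m,
    so every bit of the sample influences the residue, and a residue mod m
    can carry up to log2(m) bits rather than one."""
    return sample % modulus


def shannon_entropy(symbols):
    """Shannon entropy, in bits per symbol, of the observed distribution."""
    counts = Counter(symbols)
    total = len(symbols)
    return -sum((c / total) * math.log2(c / total) for c in counts.values())


def compare_extractors(n=4000, seed=1, stuck_lsb=True, modulus=3):
    """Run all three extractors over n simulated samples and return the
    empirical entropy of each output stream, in bits per sample."""
    rng = random.Random(seed)
    samples = [sample_adc(rng, i, stuck_lsb) for i in range(n)]
    return {
        "low_bit": shannon_entropy([low_bit(s) for s in samples]),
        "parity": shannon_entropy([parity(s) for s in samples]),
        "mod%d" % modulus: shannon_entropy([residue(s, modulus) for s in samples]),
    }


if __name__ == "__main__":
    for stuck in (True, False):
        print("stuck LSB:", stuck, compare_extractors(stuck_lsb=stuck))
```

With the stuck bit the low-order-bit stream has zero entropy, while parity and the mod-3 residue still reflect the noise because they depend on every bit of the word; without the stuck bit all three do well. The empirical Shannon entropy is a sanity check on a simulation, not a substitute for the kind of lower-bound analysis the thread is discussing: an attacker-relevant estimate needs min-entropy and a model of the noise source, not the observed histogram alone.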
