Re: Lava lamp random number generator made useful?
On Tue, 2008-09-23 at 00:09 -0700, Jon Callas wrote: A cheap USB camera would make a good source. The cheaper the better, too. Pull a frame off, hash it, and it's got entropy, even against a white background. No lava lamp needed. I sort of agree, but I feel cautious about recommending that people use their holiday snaps. And then post them on line... if you see where I am going :) But it is a good suggestion. That's not at all what I suggested. There are so many ways that one can creatively screw up reasonable cryptographic advice that I don't think it's worth bothering with. The point is that if you take a cheap 640x480 (or 320x240) webcam and point it against a photographic grey card, there's going to be a lot of noise in it, and this noise is at its bottom quantum in nature. Thus, there's a lot of entropy in that noise. Photographic engineers work *hard* to remove that noise, and you pay for a lack of noise. I'm willing to bet that if I give you hashes of frames, knowing this process, you can't get pre-images. I'll bet that you can't get pre- images even if I let you put a similar camera next to the one I'm using. In short, I'm willing to bet that a cheap camera is a decent random number source, even if you try to control the image source, to the tune of 128-256 bits of entropy per frame. No lava lamps are needed, no weird hardware. Just use the noise in a CCD. Another option would be to use noise. If you have a webcam, you also have some sort of sound input usually. Crappy microphones will give you all sorts of hashable input. (My non-webcam enabled laptop has two tiny microphones above the screen. It would be good to put them to some use...) And is it every truly quiet? Not certain how long of a sample you would need. I suspect not that long. To generate a random seed, please scream at your computer for 30 seconds. - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: Lava lamp random number generator made useful?
A cheap USB camera would make a good source. The cheaper the better, too. Pull a frame off, hash it, and it's got entropy, even against a white background. No lava lamp needed. I sort of agree, but I feel cautious about recommending that people use their holiday snaps. And then post them on line... if you see where I am going :) But it is a good suggestion. That's not at all what I suggested. There are so many ways that one can creatively screw up reasonable cryptographic advice that I don't think it's worth bothering with. The point is that if you take a cheap 640x480 (or 320x240) webcam and point it against a photographic grey card, there's going to be a lot of noise in it, and this noise is at its bottom quantum in nature. Thus, there's a lot of entropy in that noise. Photographic engineers work *hard* to remove that noise, and you pay for a lack of noise. I'm willing to bet that if I give you hashes of frames, knowing this process, you can't get pre-images. I'll bet that you can't get pre- images even if I let you put a similar camera next to the one I'm using. In short, I'm willing to bet that a cheap camera is a decent random number source, even if you try to control the image source, to the tune of 128-256 bits of entropy per frame. No lava lamps are needed, no weird hardware. Just use the noise in a CCD. Jon - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: Lava lamp random number generator made useful?
On Sun, Sep 21, 2008 at 01:20:22PM -0400, James Cloos wrote: IanG == IanG [EMAIL PROTECTED] writes: IanG Nope, sorry, didn't follow it. What is BOM, SoC, A plug, gerber? Bill Of Materials -- cost of the raw hardware System on (a) Chip -- microchip with CPU, RAM, FLASH, etc USB A Plug -- physical flat-four interface; think USB key drive gerber -- file format for hardware designs A system-on-a-chip which has rng and usb-client hardware on board (aka on chip) should fit in a package which looks just like a USB key drive. I looked into this at moderate length about two years ago. One very attractive choice was the cheapest Motorola Coldfire with their onboard crypto block, because you get the hashing for free and don't waste host resources transferring in data you'll then distill by hash -- or hashing it. As a source of random numbers, I was figuring to use one of the publically available thermal noise designs plus the cheapest HiFn PCI crypto chip (which features a multi-oscillator RNG I'm reasonably familiar with) since the Coldfire with crypto has both USB and PCI on it. Thor - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: Lava lamp random number generator made useful?
On 09/20/2008 12:09 AM, IanG wrote: Does anyone know of a cheap USB random number source? Is $7.59 cheap enough? http://www.geeks.com/details.asp?invtid=HE-280Bcat=GDT For that you get a USB audio adapter with mike jack, and then you can run turbid(tm) to produce high-quality randomness. Reference, including analytical paper plus code: http://www.av8n.com/turbid/ As a meandering comment, it would be extremely good for us if we had cheap pocket random number sources of arguable quality [1]. If the above is not good enough, please explain. I've often thought that if we had an open source hardware design of a USB random number generator ... that cost a few pennies to add onto any other USB toy ... then we could ask the manufacturers to throw it in for laughs. Something like a small mountable disk that returns randoms on every block read, so the interface is trivial. I think the turbid solution is much better than a disk. -- Unlimited long-term capacity. -- Perfect forward secrecy, unlike a disk, unless you do a really good job of erasing each block after use. -- Perfect secrecy in the other direction, period. Then, when it comes time to generate those special keys, we could simply plug it in, run it, clean up the output in software and use it. Hey presto, all those nasty software and theoretical difficulties evaporate. If the above is not good enough, please explain. - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: Lava lamp random number generator made useful?
Does anyone know of a cheap USB random number source? As a meandering comment, it would be extremely good for us if we had cheap pocket random number sources of arguable quality [1]. I've often thought that if we had an open source hardware design of a USB random number generator ... that cost a few pennies to add onto any other USB toy ... then we could ask the manufacturers to throw it in for laughs. Something like a small mountable disk that returns randoms on every block read, so the interface is trivial. Then, when it comes time to generate those special keys, we could simply plug it in, run it, clean up the output in software and use it. Hey presto, all those nasty software and theoretical difficulties evaporate. A TPM has random numbers of arguable quality. I'm happy to argue either side of it, but that's not what you asked. A cheap USB camera would make a good source. The cheaper the better, too. Pull a frame off, hash it, and it's got entropy, even against a white background. No lava lamp needed. Jon - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: Lava lamp random number generator made useful?
IanG == IanG [EMAIL PROTECTED] writes: IanG I've often thought that if we had an open source hardware design IanG of a USB random number generator It should be doable as just a RNG device for a BOM of a few tens of USD. There are at least of couple of SoCs on the market which advertise USB client hw and at least some onboard crypto. Put one of those in a key- sized container with just enough glue for an A plug and the hw is done. The software should be easy enough. Linux's gadget driver can claim to be pretty much anything -- serial, storage, ethernet. I presume the various BSD's can do so as well. So the software end should be easy. Are there any HW engineers here who can flesh out the above into a gerber file or similar? -JimC -- James Cloos [EMAIL PROTECTED] OpenPGP: 1024D/ED7DAEA6 - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: Lava lamp random number generator made useful?
IanG == IanG [EMAIL PROTECTED] writes: IanG Nope, sorry, didn't follow it. What is BOM, SoC, A plug, gerber? Bill Of Materials -- cost of the raw hardware System on (a) Chip -- microchip with CPU, RAM, FLASH, etc USB A Plug -- physical flat-four interface; think USB key drive gerber -- file format for hardware designs A system-on-a-chip which has rng and usb-client hardware on board (aka on chip) should fit in a package which looks just like a USB key drive. The software load could make it look like any USB device, including a USB storage device where every read produces blocks of entropy, as you suggested. A search for site:linuxdevices.com SoC RNG USB shows some useful SoCs, such as: http://www.linuxdevices.com/news/NS9265554097.html http://www.linuxdevices.com/news/NS6958318931.html http://www.linuxdevices.com/news/NS6020408561.html http://www.linuxdevices.com/news/NS4943322251.html http://www.linuxdevices.com/news/NS4469294424.html There seems to be significant interest in the industry for SoCs for Point of Sale smartcard readers which would also work for your proposed design. You did suggest an open hardware design As for using a camera, shots with a lens cover on and with the gain turned up (ie, tell people to set the camera to its highest ISO setting) should maximize the recorded entropy w/o using their candids, eh? -JimC -- James Cloos [EMAIL PROTECTED] OpenPGP: 1024D/ED7DAEA6 - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: Lava lamp random number generator made useful?
Jerry Leichter wrote: At ThinkGeek, you can now, for only $6.99, buy yourself a USB-powered mini lava lamp (see http://www.thinkgeek.com/gadgets/lights/7825/). All you need is some way to watch the thing - perhaps a USB camera - and some software to extract random bits. (This isn't *really* a lava lamp - the lamp is filled with a fluid containing many small reflective plastic chips, lit from below by a small incandescent bulb which also generates the heat that keeps the fluid circulating. From any given vantage point, you get flashes as one of the plastic chips gets into just the right position to give you a reflected view of the bulb. These should be pretty easy to extract, and should be quite random. Based on observation, the bit rate won't be very high - a bit every couple of seconds - though perhaps you can use cameras at a couple of vantage points. Still, worth it for the bragging rights.) Does anyone know of a cheap USB random number source? As a meandering comment, it would be extremely good for us if we had cheap pocket random number sources of arguable quality [1]. I've often thought that if we had an open source hardware design of a USB random number generator ... that cost a few pennies to add onto any other USB toy ... then we could ask the manufacturers to throw it in for laughs. Something like a small mountable disk that returns randoms on every block read, so the interface is trivial. Then, when it comes time to generate those special keys, we could simply plug it in, run it, clean up the output in software and use it. Hey presto, all those nasty software and theoretical difficulties evaporate. iang [1] the competitive process and a software clean-up would sort out any quality issues. - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Lava lamp random number generator made useful?
The Lava Lamp Random Number generator (at http://www.lavarnd.org/) generates true random numbers from the images of a couple of lava lamps. Of course, as a source of randomness for cryptographic purposes, it's useless because it's visible to everyone (though I suppose it might be used for Rabin's beacons). At ThinkGeek, you can now, for only $6.99, buy yourself a USB-powered mini lava lamp (see http://www.thinkgeek.com/gadgets/lights/7825/). All you need is some way to watch the thing - perhaps a USB camera - and some software to extract random bits. (This isn't *really* a lava lamp - the lamp is filled with a fluid containing many small reflective plastic chips, lit from below by a small incandescent bulb which also generates the heat that keeps the fluid circulating. From any given vantage point, you get flashes as one of the plastic chips gets into just the right position to give you a reflected view of the bulb. These should be pretty easy to extract, and should be quite random. Based on observation, the bit rate won't be very high - a bit every couple of seconds - though perhaps you can use cameras at a couple of vantage points. Still, worth it for the bragging rights.) An alternative, also at ThinkGeek, is a USB-powered Plasma Ball (at http://www.thinkgeek.com/geektoys/science/964e/) . The arc discharges should be even easier to convert into a bitstream, though it's probably a more biased source than the lava lamp, so will need more post-processing. -- Jerry - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
