Slashdot Mirror

← Back to Stories (view on slashdot.org)

When Is It Random Enough?

Posted by Cliff on from the chaos-from-order dept.

TheCamper asks: "The generation of random numbers is very important in many areas, especially encryption. Pseudo Random numbers created by software is simply not good enough. Many key generation applications ask the user to move the mouse or bang on the keyboard to add to the randomness. You can also purchase a (very expensive) hardware random number generator to make truly random numbers. Wanting the randomness of a hardware random number generator without wanting to pay for or build my own, I was wondering if crinkling cellophane (or the like) into my computer's microphone would be considered random enough for serious encryption key generation." What entropy sources would you use for the generation of strong encryption keys?

5 of 153 comments (clear)

  1. Lava Lamps for Random numbers by zhiwenchong · · Score: 2, Insightful

    Lava Lamps:
    http://www.lavarnd.org/what/index.html

  2. Re:"Truly Random" by alienw · · Score: 2, Insightful

    Apparently, you haven't heard of quantum mechanics and Heisenberg's uncertainty principle, which states that it is impossible to know the exact position AND velocity of an electron, thus making the motion of one unpredictable. There are quite a few sources like this -- radioactive decay, various noise sources. In fact, you could probably have a decent random number generator just by sampling the noise on an unused input on a soundcard (the crappier the soundcard, the better).

  3. Re:What's so expensive? by rjh · · Score: 2, Insightful

    Radioisotope decay isn't the gold standard of randomness; it's possible to find determinism in it. As it turns out this isn't because of any inherent determinism in whether an atom decays or not, but because of the determinism in the hardware used to measure it. When a Geiger counter trips, it has a certain (finite) refresh time before it will measure another decay event. That means during the refresh time, it will register 0 regardless of whether decay events occur during that time or not.

    A perfect Geiger counter plus a radioisotope equals a perfect random number generator. Unfortunately, perfect Geiger counters don't exist. We can get extremely good randomness from radioisotope-based RNGs, but there are limits even to them.

  4. Re:White Noise? by poopdeville · · Score: 2, Insightful

    Notice that you require a random sorting of frequencies and samples. You'd need a random number generator to come up with one of those.

    Even if you had one of those, this wouldn't increase the entropy of your data set. The problem is that in slicing and dicing your recording, you'd be creating discontinuities in the function that describes the original wave form. Fourier analysis tells us that this would shift the spectrum upwards, reducing entropy since there's limited bandwidth in our channel.

    If don't believe me, record a cd of white noise and put a couple of scratches in it. It should be immediately apparent where the scratches are when you listen to it. :-)

    --
    After all, I am strangely colored.
  5. Re:Define "strong encryption key". by Chess_the_cat · · Score: 2, Insightful

    So don't start it on its face. Hold it perpendicular to a surface and then flip it.

    --
    Support the First Amendment. Read at -1