Slashdot Mirror

← Back to Stories (view on slashdot.org)

Ultra-low-cost True Randomness

Posted by CmdrTaco on from the and-a-damn-fine-hack dept.

Cryptocrat writes "Today I blogged about a new method for secure random sequence generation that is based on physical properties of hardware, but requires only hardware found on most computer systems: from standard PCs to RFID tags." Basically he's powercycling memory and looking at the default state of the bits, which surprisingly (to me anyway) is able to both to fingerprint systems, as well as generate a true random number. There also is a PDF Paper on the subject if you're interested in the concept.

9 of 201 comments (clear)

  1. Re:A Slightly More Expensive Method by NetCow · · Score: 3, Informative

    Mersenne Twister is not a random number generator, it's a pseudo-random number generator.

    Randomness is measured as entropy. See here for details: http://mathworld.wolfram.com/Entropy.html

  2. How it compares to the Mersenne Twister by benhocking · · Score: 3, Informative

    The Mersenne Twister is a pseudo-random number generator. For many uses, this is preferable to a true random number generator as it is easily repeatable. (One can also repeat the results of a true random number generator by storing the output, but depending on how many random numbers you're generating, this might be space intensive.)

    That said, although this might be "true" randomness, what kind of randomness it is? Uniform over a range? Gaussian? Weibull? Most likely, none of the above if it can be used for fingerprinting systems. (No, I did not RTFA.)

    --
    Ben Hocking
    Need a professional organizer?
  3. This is hardly random by gillbates · · Score: 3, Informative

    As an embedded engineer, I've encountered numerous cases where power cycling RAM did not alter the contents.

    In fact, I've seen systems boot and run even after the power was cut for several seconds. Some types of SRAM and SDRAM have the ability to retain an (imperfect) memory image even at very low voltage levels. Sure, it's not guaranteed to be accurate by the manufacturer, but RAM "images" are a pretty well known phenomenon. In some cases, the contents of memory can be reconstructed even after the computer has been powered off and removed to a forensic laboratory.

    This is not random at all. In fact, it's more likely to produce an easily exploitable RNG than anything else; I would not be at all surprised if the standard UNIX random number generator provided better security.

    --
    The society for a thought-free internet welcomes you.
  4. A suggestion for this blogger by Quila · · Score: 3, Informative

    Learn How To Use Capital Letters At The Beginning Of Sentences!

  5. Our research group will answer questions soon... by fubob · · Score: 5, Informative

    We were surprised to suddenly get attention to this paper, but apparently Slashdot readers are watching the security seminar at UMass Amhest.

    Anyhow, we will be answering questions in this thread. So if you have any questions, post them here and Dan Holcomb will get back to you as soon as he can.

    Cheers,
    -Kevin Fu

  6. Re:Four by ukatoton · · Score: 5, Informative
    RTFA
    There are 3 states the bits can fall into:

    1. initially (almost) always 0
    2. initially 0 or 1 with somewhat even probability
    3. initially (almost) always 1

    Using the bits that fall into category 2 to generate the number will result in a random number, as these are known to change randomly

    since it is now known which bits will change with each power cycle, those bits can be used as a source of true randomness


    Bits falling into the other two states are ignored for the random function and are used for the identification function.
  7. HotBits by The+-e**(i*pi) · · Score: 3, Informative

    The only way I know of generating truly random numbers (not psudorandom) is hot bits which works on the principle of single radioactive atoms decaying after a perfectly random, in every sense of the word, time. http://www.fourmilab.ch/hotbits/

  8. Re:Four by ajs · · Score: 3, Informative

    I'm not entirely clear on why this is more interesting than just using timing like most of the rest of the world does. Perl has, for example, long used a setjmp/longjmp-based timing test for its Math::TrulyRandom package by Matt Blaze and Don Mitchell of AT&T and of course most modern Unix-like systems implement /dev/random and /dev/urandom again based on timing. RFC1750 has given useful directions on how to generate random numbers on generic hardware for well over a decade. I recall first reading this RFC, not long after it came out. It really changed my understanding of random numbers on computer hardware.

    This just doesn't seem all that newsworthy, though it's cool enough as yet another random number generation technique, I suppose.

  9. Old news - I have already been granted patents by ironring · · Score: 5, Informative

    This is a bit of old news. I have already authored and been granted several patents in this area.
    6,906,962 Method for defining the initial state of static random access memory
    6,828,561 Apparatus and method for detecting alpha particles
    6,738,294 Electronic fingerprinting of semiconductor integrated circuits
    I have several other ideas for application of this technology and would be happy to discuss if someone is interested.
    Paul