From: Spinner on 22 Jan 2010 05:38

unruh <unruh(a)wormhole.physics.ubc.ca> wrote:

>On 2010-01-20, William Ahern <william(a)wilbur.25thandClement.com> wrote:
>> unruh <unruh(a)wormhole.physics.ubc.ca> wrote:
>><snip>
>>> What you need to do is to analyse the generators so as to be able to
>>> estimate their "randomness".
>>
>> Here's a simple solution for an entropy source, independently verifiable by
>> any layman.
>
>Actually no, it is hard to independently verify.
>For all you know the "geiger counter" just puts out a pseudo random
>stream of clicks.
>
>
>>
>> http://www.blackcatsystems.com/GM/products/GM10GeigerCounter.html
>
>Geiger counters have a problem with dead time. Thus the distribution is
>not a proper Poisson distribution. And you always have problems with
>biases with physical sources. Making sure you have a good estimate of
>the true randomness is hard if you take it seriously.
>
>
>> https://unitednuclear.com/index.php?main_page=index&cPath=2_5
>>

Actually yes. The first source (blackcat) also provides a radiation
source. It is trivial to move the source to and from the detector ==
if the count changes, it's either magic or it's radiation counting.

The ONLY absolutely random generator is a physical source - whether
it's a geiger counter or an avalanche diode - nothing "electronic" is
non-deterministic.

And if you're really that paranoid about extremely high rate tube
saturation (dead time), buy 20 of the 4 tube units. Unless you have
just been hit by a warhead, the 'dead time' is not going to be an
issue.

Microseconds between ticks in a geiger counter will be quite literally
random - unless Einstein was wrong. If you miss a tick now and then,
because of a particle coincidence (or near coincidence) - guess what?
That is ALSO a random quantum and not predictable event. Where is it
stated that quantum results provide Poisson distributions in
physically realizable detectors anyway? If number N+1 cannot be
predicted from any theoretical analysis of numbers N0 through N, then
it's good enough - it's random. The time from click N to click N+1 is, by
definition for radiation, not predictable. You are missing the point
on bias - just because a counter missed a count before has nothing to
do with the next count delay time if one cannot be used to predict the
other - which it can't because the causal action is a quantum event.

And they sell a coincidence detector for counting cosmic rays. It's a
really low rate device - but if there's anything more provably random
than cosmic ray delay times (between) I have no idea what it might be.

--
2+2!=5 even for extremely large values of 2

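The dead-time question argued in the post above can be put in numbers with a small model. This is an added example, not code from any poster: it assumes ideal independent decays, a non-paralyzable tube, and a bit extractor that compares two disjoint click intervals (a technique not mentioned in the thread); every rate, dead time and function name is constructed. It models neither clock resolution nor electronics, which is where real bias would have to be measured.

```python
import random

def clicks(rate, dead_time, duration, rng):
    """Detected click times (s): decays arrive as a Poisson process at `rate`;
    a non-paralyzable tube ignores decays within `dead_time` of the last click."""
    t, last, out = 0.0, float("-inf"), []
    while True:
        t += rng.expovariate(rate)
        if t >= duration:
            return out
        if t - last >= dead_time:
            out.append(t)
            last = t

def fano_factor(times, window, duration):
    """Variance/mean of the counts per window; 1.0 for an ideal Poisson process."""
    n = int(duration / window)
    counts = [0] * n
    for t in times:
        i = int(t / window)
        if i < n:
            counts[i] += 1
    mean = sum(counts) / n
    var = sum((c - mean) ** 2 for c in counts) / (n - 1)
    return var / mean

def interval_bits(times):
    """One bit per pair of disjoint intervals: 1 if the first gap is the longer."""
    gaps = [b - a for a, b in zip(times, times[1:])]
    return [1 if gaps[i] > gaps[i + 1] else 0 for i in range(0, len(gaps) - 1, 2)]

def experiment(dead_time, seed=1):
    """Return (Fano factor, fraction of 1 bits) for a constructed 100 decays/s source."""
    rng = random.Random(seed)
    duration = 2000.0
    times = clicks(rate=100.0, dead_time=dead_time, duration=duration, rng=rng)
    bits = interval_bits(times)
    return fano_factor(times, 1.0, duration), sum(bits) / len(bits)

if __name__ == "__main__":
    for tau in (0.0, 0.01):
        fano, ones = experiment(tau)
        print(f"dead time {tau * 1e3:4.0f} ms: Fano {fano:.2f}, P(bit=1) {ones:.3f}")
```

In this model the click counts stop being Poisson once dead time is added (Fano factor well below 1), while the interval-comparison bits stay balanced, because the gaps remain independent and identically distributed.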
From: Spinner on 22 Jan 2010 05:43

rossum <rossum48(a)coldmail.com> wrote:

>On Wed, 20 Jan 2010 08:50:30 -0800 (PST), jmorton123
><jmorton123(a)rock.com> wrote:
>
>>When you start the program it saves the system time. Each time you
>>click the mouse or press the enter key, the time is once again
>>stored. Then the start time is subtracted from the mouse click time.
>>Then this difference is used to access an array that contains the
>>binary numbers from 0 - 255.
>And if the attacker has a hidden microphone in your office or is
>bouncing a laser off the office windows they will be able to hear, and
>time, mouse clicks and key strokes.
>
>You need a source of randomness that can more easily be protected from
>an attacker.
>
>Your idea may possibly be of use in a Fortuna-style RNG as one among
>many entropy sources. Fortuna is designed to be usable with
>low-quality entropy sources.
>
>rossum

If an attacker has enough access to plant a microphone or the money to
monitor your office with a laser, you're screwed. S/he's already been
in and copied your HDD and compromised your work area so badly there's
no hope. You've been rooted at the wetware level.

--
2+2!=5 even for extremely large values of 2

From: David Eather on 22 Jan 2010 12:01

Spinner wrote:
> unruh <unruh(a)wormhole.physics.ubc.ca> wrote:
>
>> On 2010-01-20, William Ahern <william(a)wilbur.25thandClement.com> wrote:
>>> unruh <unruh(a)wormhole.physics.ubc.ca> wrote:
>>> <snip>
>>>> What you need to do is to analyse the generators so as to be able to
>>>> estimate their "randomness".
>>> Here's a simple solution for an entropy source, independently verifiable by
>>> any layman.
>> Actually no, it is hard to independently verify.
>> For all you know the "geiger counter" just puts out a pseudo random
>> stream of clicks.
>>
>>
>>> http://www.blackcatsystems.com/GM/products/GM10GeigerCounter.html
>> Geiger counters have a problem with dead time. Thus the distribution is
>> not a proper Poisson distribution. And you always have problems with
>> biases with physical sources. Making sure you have a good estimate of
>> the true randomness is hard if you take it seriously.
>>
>>
>>> https://unitednuclear.com/index.php?main_page=index&cPath=2_5
>>>
>
> Actually yes. The first source (blackcat) also provides a radiation
> source. It is trivial to move the source to and from the detector ==
> if the count changes, it's either magic or it's radiation counting.
>
> The ONLY absolutely random generator is a physical source - whether
> it's a geiger counter or an avalanche diode - nothing "electronic" is
> non-deterministic.
>
> And if you're really that paranoid about extremely high rate tube
> saturation (dead time), buy 20 of the 4 tube units. Unless you have
> just been hit by a warhead, the 'dead time' is not going to be an
> issue.
>
> Microseconds between ticks in a geiger counter will be quite literally
> random - unless Einstein was wrong. If you miss a tick now and then,
> because of a particle coincidence (or near coincidence) - guess what?
> That is ALSO a random quantum and not predictable event. Where is it
> stated that quantum results provide Poisson distributions in
> physically realizable detectors anyway? If number N+1 cannot be
> predicted from any theoretical analysis of numbers N0 through N, then
> it's good enough - it's random. The time from click N to click N+1 is, by
> definition for radiation, not predictable. You are missing the point
> on bias - just because a counter missed a count before has nothing to
> do with the next count delay time if one cannot be used to predict the
> other - which it can't because the causal action is a quantum event.
>
> And they sell a coincidence detector for counting cosmic rays. It's a
> really low rate device - but if there's anything more provably random
> than cosmic ray delay times (between) I have no idea what it might be.
>
> --
> 2+2!=5 even for extremely large values of 2

?? 2+2!=4

From: jmorton123 on 31 Jan 2010 18:18

Your inclination to mistrust the claim of randomness using the time
differences between clicks is justified.

I will simply continue my work and make it available on my website.

I know there are some of you who look at everything: sort of like
Robert Redford's character in "Three Days of the Condor" who read
"everything." It's their job.

And I realize that I may never hear anything from any of you. Ever.

But I do have experience in this area. The final product has been
published before. I am simply recreating it step by step since I lost
all of my original source code. But I do have a copy of the original
software that includes detailed Help files that describe the entire
package. So I will have no trouble recreating it. It will just take
time.

I had one user who once frequented this newsgroup that described the
software as "bulletproof."

What little you've read or seen so far are just baby-steps in this
resurrection.

It's all about the "random" numbers. If no one can reproduce the
"random" numbers then no one can decrypt the encrypted message,
regardless of where those "random" numbers came from or how they were
produced.

Steganography: if you don't even know that there is an encrypted
message how will you ever know...

Goodbye.

JM

On Jan 21, 12:21 pm, gordonb.q6...(a)burditt.org (Gordon Burditt) wrote:
> >The clock time used is 1000 ticks per second. If there is a bias it
> >must be incredibly small because a computer cannot function with any
> >significant clock bias nor can an operating system.
>
> I don't agree. I've seen a computer with time-of-day clocks off
> by a rather large factor, so it lost about 58 minutes an hour
> (although this wasn't the CPU clock, so it didn't run 30 times too
> slow). The user of this computer hadn't noticed. I only noticed
> because the time stamp on a diagnostic report for an unrelated
> problem (dirty floppy drive heads) had the wrong year. Some users
> didn't even bother to set the clock in the first place.
>
> Example: Suppose you start timing the mouse click by using a
> finer-resolution clock, such as the Pentium Time Stamp Counter. This
> clock increments at a much faster speed, say, 1GHz. Or perhaps you
> go the expensive route using an atomic clock calibrated to national
> standards. (No, I don't mean you sync to an atomic clock once a
> day, I mean you *buy* one and use it, in addition to careful
> sync'ing.)
>
> Mouse clicks and keystrokes on some computers are transmitted through
> an 8052 (or similar) keyboard coprocessor, and the event travels
> on a serial line clocked at about 30kHz to 50kHz (and it takes about
> 10 bit times or so to transmit an event). The arrival times of
> mouse clicks are now limited to about 3 - 5 kHz, and you lost most
> of the finer-resolution randomness.
>
> It gets worse if the clock you're using and the keyboard serial
> clock are divided down from the same master clock.
>
> There are hardware components and timing in the mouse driver that
> limit how close mouse clicks can be to each other (two clicks
> a microsecond apart are switch bounce), and how far apart they
> can be from each other (what's the difference between two clicks
> and one double click?)
>
> Browsers may be awoken from waiting for input based on a task
> scheduler, which may be using scheduling time quanta that are
> much larger than 1 millisecond. Even Windows does task scheduling.
>
> This information is being sent over a network. There are possibilities
> here for bias to be introduced that's different for each user of
> the web site generating the numbers, coming from the sender's ISP,
> the web site's ISP, and every router in between. Suppose every
> packet was held up by an ISP doing bandwidth throttling (which you
> may not even know about!) to collect a bunch of packets from you
> and release them all at once on a multiple of one second. You'd
> lose a lot of randomness, but probably not enough throughput to
> notice, and this might be happening to only *SOME* users of the web
> site, so the fact that someone else did a complex certification of
> the random numbers generated by the site doesn't mean that's what
> YOU get.
>
> It's possible that network traffic variability can under some
> circumstances introduce *more* randomness, but it's not something
> the user or site owner can control or predict.
>
> It's also possible that the people at No Such Agency (or perhaps a
> botnet operator) could have your connection to this web site run
> through their router just to spoil the randomness you get from the
> site, and you'd never know about it.
>
> >Furthermore, any
> >insignificant bias which you indicate that may be present is completely
> >washed out by the randomness of the click moments entered by the
> >user.
>
> Have you ever watched a TV show called "The Amazing Race"? Teams
> of people race around the world. It seems that whenever they have
> to get on an airplane, teams that were "close together" (due to
> small differences related to their skill in navigating or completing
> odd tasks that are part of the race) are now "exactly together" or
> several hours apart depending on the airline schedule. There are
> a lot of things that tend to sync up signals in computers.
>
> It tends to work the other way: things that sync up signals wash
> out much if not all of the randomness entered by the user, in much
> the same way that a big (automobile) traffic jam syncs the commuters.
>
> >Lastly, you need to ask yourself: can these random numbers be
> >reproduced? I think not. Thank you.
>
> Probably not exactly. But it might be a lot easier than it seems.
> If you want proof, use the random numbers generated by such a site
> to gamble with real money at high stakes, announce how you do it,
> and someone will figure out how to break it well enough to win
> a lot of money.

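The quantization effect raised in the quoted reply above can be measured on the scheme as the thread describes it (click time minus start time on a 1000-tick-per-second clock, used to index a 0-255 table). This is an added example, not the original program: the click gaps, the 16 ms delivery quantum and all function names are constructed assumptions.

```python
import math
import random
from collections import Counter

def click_bytes(n_clicks, quantum_ms, rng):
    """Bytes from (click time - start time) mod 256, in ms ticks.
    quantum_ms models the granularity at which the program actually sees
    events (scheduler tick, polling interval): each click is observed at
    the next multiple of quantum_ms. quantum_ms=1 is the ideal case."""
    start, t, out = 0, 0.0, []
    for _ in range(n_clicks):
        t += rng.uniform(150.0, 1500.0)                  # constructed human click gaps (ms)
        seen = math.ceil(t / quantum_ms) * quantum_ms    # delivery time the program records
        out.append((seen - start) % 256)                 # index into the 0..255 table
    return out

def min_entropy_bits(samples):
    """Most-common-value estimate: -log2 of the highest observed frequency."""
    p_max = max(Counter(samples).values()) / len(samples)
    return -math.log2(p_max)

def compare(n_clicks=200_000, seed=7):
    """Same simulated user, seen through a 1 ms and a 16 ms delivery quantum."""
    result = {}
    for quantum in (1, 16):
        data = click_bytes(n_clicks, quantum, random.Random(seed))
        result[quantum] = (len(set(data)), min_entropy_bits(data))
    return result

if __name__ == "__main__":
    for quantum, (distinct, h) in compare().items():
        print(f"quantum {quantum:2d} ms: {distinct:3d} distinct bytes, "
              f"min-entropy <= {h:.2f} bits per click")
```

With a 16 ms quantum every recorded time is a multiple of 16, so only 16 of the 256 table entries can ever be selected and each click yields at most 4 bits, however unpredictable the user's timing is. The estimate is an upper bound on what the output contains, not a measurement of the entropy of real clicks.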
From: WTShaw on 1 Feb 2010 05:27

On Jan 31, 5:18 pm, jmorton123 <jmorton...(a)rock.com> wrote:
>
> It's all about the "random" numbers. If no one can reproduce the
> "random" numbers then no one can decrypt the encrypted message,
> regardless of where those "random" numbers came from or how they were
> produced.
>
> Steganography: if you don't even know that there is an encrypted
> message how will you ever know...
>

Two good points! Randomness can be multidimensional as well, not just
a series but a complex array to be tapped as might be desired.
Sources of randomness and cloaking are information in all its forms,
nothing as explosive, hard to tally for wannabe trivial solutions.