Re: Simple Hardware RNG Idea
At 5:57 PM 9/30/95, zinc wrote:
regarding the use of radioactive material for generating random numbers, lantern mantles are fairly radioactive. i'd say they would be able to emit sufficient particles for OTP use, especially if one builds a device that just constructs the pads all the time (ie, it just sits there making various pads of X min length and Y max length, storing them on a hard drive, or RAM if you're that rich). you just request a pad from the machine when you need it and encrypt whatever with it...
Thorianated lantern mantles are only slightly radioactive. The counts per second is what matters. This will be a function of a lot of things, not the least of which is the detector area and the fluence of alphas intercepted. At the risk of repeating myself, there are easier ways of generating essentially random numbers. --Tim May (P.S., as my last word on this for a while. You may have heard that RAM chips can have bits flipped by the alpha particles emitted by low levels of uranium and thorium present in packaging materials. And that cosmic rays can do the same thing, at a lower error rate. Well, I discovered these effects in 1977 and wrote the original papers on this "soft error" effect. I'm not making an appeal to authority here, just telling you why I'm skeptical of all of these proposals to make a radioactive decay-based random number source. There are much easier ways.) ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay@got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^756839 | black markets, collapse of governments. "National borders are just speed bumps on the information superhighway."
Timothy C. May writes:
I'm not making an appeal to authority here, just telling you why I'm skeptical of all of these proposals to make a radioactive decay-based random number source. There are much easier ways.)
I don't believe the "easier" ways are actually really easier, in so far as it is very hard to successfully demonstrate that there are no hidden flaws in most kinds of hardware RNGs -- showing you aren't picking up nearby RFI and turning it into your RNG output and things of that sort. A radioactive source is hard to manipulate at a distance. It will not produce a big volume of random numbers but it will produce pretty high quality ones. If you have a free running /dev/rand implementation that saves a lot of them up you should have enough for most of our purposes. And, as I noted, there are RS232 interfaceable radiation detectors you can buy off the shelf -- no hardware hacking needed. Perry
Perry writes, regarding alpha decay counts for random numbers:
And, as I noted, there are RS232 interfaceable radiation detectors you can buy off the shelf -- no hardware hacking needed.
As far as a radiation source goes, the Americium 241 source from a cheap smoke detector is just dandy. A while ago, I took one into the lab and put it on a scintillating counter and got alpha hits at roughly half-microsecond intervals. It was a while ago, so I forget how this compared to the rating in Curies on the package. But that would be fine for a low-to-moderate bandwidth RNG. -- Will
I write:
put it on a scintillating counter and got alpha hits at roughly half-microsecond intervals. ^^^^^^^^^^^^^^^^
Um, sorry about that. That's half _millisecond_ intervals. What's three orders of magnitude between friends? As long as I'm correcting myself, I just sent another message with subject "Quantum Crypto..." which should have been "Quantum Computing..." Sigh. Sundays. -- Will
participants (3)
-
Perry E. Metzger -
tcmay@got.net -
W. Kinney