On Tue, Oct 22, 2013 at 06:47:40PM +0200, Krisztián Pintér wrote:
> Once you have your data stream in memory, you just need to use some whitening. That is the easy part. Virtually every cryptographic primitive can be turned into a secure whitener.
>
> For example, I have implemented a small toy/tool to generate random data from the noise of the sound card. It is pretty much the same thing: you just replace the line-in with your data source, and the whitening part is done. It is for Windows only. Check it out here:
It seems that rnd_wavein uses a small window (you document 256 samples as the default). One common silent-failure mode of video capture interfaces is to intermittently provide the same frame (around 1 MiB of data) twice! If your whitener doesn't chain blocks and you use the output directly as random data (worst case, as an OTP), then a long-term repeat like that is completely catastrophic, giving you a modern reprise of the Venona break: http://www.nsa.gov/about/_files/cryptologic_heritage/publications/coldwar/ve... If you do chain, it's merely reducing the entropy of the stream significantly.

Also, it's entirely possible that an attacker can influence the behavior of the system; depending on your threat model, either through direct physical access or by causing CPU starvation through a network or algorithmic DoS to trigger misbehavior in the driver. It would be much better to implement a multi-stage entropy pool design with catastrophic mixing, such as Schneier et al.'s Fortuna: https://en.wikipedia.org/wiki/Fortuna_%28PRNG%29
> Disclaimer: the old rule "don't roll your own crypto" is still in effect.

Indeed.

-andy
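The stuck-frame failure discussed above, as an added example (not code from the thread or from rnd_wavein): a memoryless per-block whitener turns a duplicated capture frame into a duplicated output block, while a chained pool does not repeat but also gains no entropy from the repeat. The frames and the seed are constructed stand-ins, and the check on the raw input is the kind of health test a generator should run on itself.

```python
import hashlib

# Constructed sample: tiny stand-ins for capture frames (a real frame is ~1 MiB).
# The capture interface "sticks" and delivers the second frame twice.
FRAME_BYTES = 64
SAMPLE_FRAMES = [
    bytes([0x11]) * FRAME_BYTES,
    bytes([0x22]) * FRAME_BYTES,
    bytes([0x22]) * FRAME_BYTES,  # the duplicated frame
    bytes([0x33]) * FRAME_BYTES,
]


def whiten_unchained(frames):
    """Memoryless whitener: each frame is hashed on its own.
    A repeated input frame yields an identical output block, so the 'random'
    stream itself repeats (fatal if the output is used as a one-time pad)."""
    return [hashlib.sha256(f).digest() for f in frames]


def whiten_chained(frames, seed=b"constructed-seed"):
    """Chained whitener: the pool state carries forward across frames.
    The duplicated frame no longer produces a duplicated output block, but it
    contributes no new entropy either; chaining hides the repeat rather than
    replacing the lost randomness, which is why a pooled design like Fortuna
    tracks how much entropy has actually been collected."""
    state = hashlib.sha256(seed).digest()
    out = []
    for f in frames:
        state = hashlib.sha256(state + f).digest()                # absorb frame
        out.append(hashlib.sha256(b"output" + state).digest())  # derive output
    return out


def repeated_blocks(blocks):
    """Count blocks that already appeared earlier in the stream.
    Run on the raw frames this detects a stuck capture device; run on the
    whitened output it shows whether the whitener propagates the repeat."""
    seen = set()
    repeats = 0
    for b in blocks:
        if b in seen:
            repeats += 1
        seen.add(b)
    return repeats


if __name__ == "__main__":
    print("stuck frames in input:    ", repeated_blocks(SAMPLE_FRAMES))
    print("repeats, unchained output:", repeated_blocks(whiten_unchained(SAMPLE_FRAMES)))
    print("repeats, chained output:  ", repeated_blocks(whiten_chained(SAMPLE_FRAMES)))
```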