very naive question here : Wouldn't it be possible to build a RNG using something like a zener diode and a $2 microcontroller? J.
At 12:32 PM 9/9/2013, Juan Garofalo wrote:
very naive question here : Wouldn't it be possible to build a RNG using something like a zener diode and a $2 microcontroller?
Sure, and if you like playing with Arduinos and similar electronics, it'd be a good experiment. The main issues you run into (besides getting a decent fast USB interface without having to use surface-mount electronics, which are annoying to solder), are validating the quality of the randomness and getting enough speed to be useful (which depends not only on your noise quality but also on whether you're using a USB-enabled chip or just bit-banging. DieHard http://en.wikipedia.org/wiki/Diehard_tests is probably still the standard quality test - your noise is almost certain to be biased, rather than purely uniform, so you'll need to whiten the data and adjust your entropy estimates appropriately.
Here's some folks who did it using a lava lamp! http://www.lavarnd.org/ Obviously I wouldn't take this too seriously, but could be a fun weekend hack. On Mon, Sep 9, 2013 at 12:58 PM, Bill Stewart <bill.stewart@pobox.com>wrote:
At 12:32 PM 9/9/2013, Juan Garofalo wrote:
very naive question here : Wouldn't it be possible to build a RNG using something like a zener diode and a $2 microcontroller?
Sure, and if you like playing with Arduinos and similar electronics, it'd be a good experiment.
The main issues you run into (besides getting a decent fast USB interface without having to use surface-mount electronics, which are annoying to solder), are validating the quality of the randomness and getting enough speed to be useful (which depends not only on your noise quality but also on whether you're using a USB-enabled chip or just bit-banging.
DieHard http://en.wikipedia.org/wiki/**Diehard_tests<http://en.wikipedia.org/wiki/Diehard_tests>is probably still the standard quality test - your noise is almost certain to be biased, rather than purely uniform, so you'll need to whiten the data and adjust your entropy estimates appropriately.
-- ————————————— Rich Jones * OpenWatch* is a global investigative network using mobile technology to build a more transparent world. Download OpenWatch for iOS<https://itunes.apple.com/us/app/openwatch-social-muckraking/id642680756?ls=1&mt=8>and for Android<https://play.google.com/store/apps/details?id=org.ale.openwatch&hl=en> !
On Mon, Sep 09, 2013 at 12:58:28PM -0700, Bill Stewart wrote:
At 12:32 PM 9/9/2013, Juan Garofalo wrote:
very naive question here : Wouldn't it be possible to build a RNG using something like a zener diode and a $2 microcontroller?
Sure, and if you like playing with Arduinos and similar electronics, it'd be a good experiment.
If you go down this path, you'll want to review the math at http://www.av8n.com/turbid/paper/turbid.htm
The main issues you run into (besides getting a decent fast USB interface without having to use surface-mount electronics, which are annoying to solder), are validating the quality of the randomness and getting enough speed to be useful (which depends not only on your noise quality but also on whether you're using a USB-enabled chip or just bit-banging.
DieHard http://en.wikipedia.org/wiki/Diehard_tests is probably still the standard quality test - your noise is almost certain to be biased, rather than purely uniform, so you'll need to whiten the data and adjust your entropy estimates appropriately.
Diehard is very good at what it does ... but what it does is not very useful for validating a HWRNG. There's a long but very clear explanation of why, including examples, in the Turbid paper, section 7: http://www.av8n.com/turbid/paper/turbid.htm#sec-measurement -andy
On Mon, Sep 09, 2013 at 04:32:35PM -0300, Juan Garofalo wrote:
Wouldn't it be possible to build a RNG using something like a zener diode and a $2 microcontroller?
I would use a cheap analog circuit like http://www.maximintegrated.com/app-notes/index.mvp/id/3469 and let your audio card to A/D. Bonus points: there are already entropy gathering daemons which use soundcard input. Even cheaper: hang a cheap microphone into a fan exhaust. Noise definitely not white, but certainly more entropy than just looking at lowest bits of A/D.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 09/09/2013 04:01 PM, Eugen Leitl wrote:
Even cheaper: hang a cheap microphone into a fan exhaust. Noise definitely not white, but certainly more entropy than just looking at lowest bits of A/D.
I've been playing with one of these for a while with one of my netbooks: https://www.sparkfun.com/products/11345 By default, the firmware running in the on-board microcontroller records the time between three successive hits on the 'tube (t1, t2, t3). If (t2 - t1) < (t3 - t2), it prints a 0 to the serial port, else, it prints a 1 to the serial port. Hardly high resolution entropy, but it can be stirred into an entropy pool. New firmware can, of course, be developed using the existing C code as a base. I'm not entirely certain how helpful or useful it is (I have my doubts, to be honest), but if nothing else it's given me cause to do some reading up and try a few small scale experiments. - -- The Doctor [412/724/301/703] [ZS] Developer, Project Byzantium: http://project-byzantium.org/ PGP: 0x807B17C1 / 7960 1CDC 85C9 0B63 8D9F DD89 3BD8 FF2B 807B 17C1 WWW: https://drwho.virtadpt.net/ Your memories are fiction. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.20 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iEYEARECAAYFAlIvYZMACgkQO9j/K4B7F8EkFACffdFMYDo4n4b5o28SVwNGO6DJ CS8An3uWoQfewFYBCmP+1xByr3yDxgH2 =/y/F -----END PGP SIGNATURE-----
At 11:14 AM 9/10/2013, The Doctor wrote:
By default, the firmware running in the on-board microcontroller records the time between three successive hits on the 'tube (t1, t2, t3). If (t2 - t1) < (t3 - t2), it prints a 0 to the serial port, else, it prints a 1 to the serial port. Hardly high resolution entropy, but it can be stirred into an entropy pool.
I don't know how many bits/second you're getting out of it, but it's definitely high quality entropy, one real bit per bit, assuming they don't reuse the intervals. (It's ok to use t3 as the starting point for the next two intervals, so bit2 = ( (t4-t3) < (t5-t4) ), but not bit2 = ( (t3-t2) < (t4-t3) ), which would be correlated with bit1.)
On Mon, Sep 9, 2013 at 12:32 PM, Juan Garofalo <juan.g71@gmail.com> wrote:
... Wouldn't it be possible to build a RNG using something like a zener diode and a $2 microcontroller?
there's good discussion of true hardware random number generator design in "Cryptography Engineering"[0]. obviously getting a stream of biased bits is just the first step in usable entropy... 0. "Cryptographic Engineering" (2009) http://link.springer.com/book/10.1007/978-0-387-71817-0/page/1 or https://play.google.com/store/books/details/%C3%87etin_K_Ko%C3%A7_Cryptograp...
On Sep 9, 2013, at 12:32 PM, Juan Garofalo <juan.g71@gmail.com> wrote:
very naive question here :
Wouldn't it be possible to build a RNG using something like a zener diode and a $2 microcontroller?
Yes. If you took noise off of a diode or even a resister and just threw it into Yarrow, you'd have a very nice thing. The biggest problem with building good random number generators is that it's harder than you think on first glance and easier than you think on third glance. Jon
participants (8)
-
Andy Isaacson -
Bill Stewart -
coderman -
Eugen Leitl -
Jon Callas -
Juan Garofalo -
Rich Jones -
The Doctor