FWD: Hot and cold running randomness

Bill Stewart stewarts at ix.netcom.com
Fri Mar 14 21:06:20 PST 1997


The following article was on RISKS Digest.
Obviously it's not usable for cryptographic randomness,
since you can't trust the path to be safe from eavesdroppers
(even if you're using SSL/RC4-128, can you trust the far end?)
or from denial of service attacks (so be careful about wiring it in),
but sometimes you just want a good-quality random number to seed things,
such as a simulation program, and it might not be a bad thing to
hash in to your entropy pool with locally-derived sources.
------------------------------

Date: Mon, 10 Mar 1997 13:10:36 -0800
From: dwing at Cisco.COM (Dan Wing)
Subject: Hot and cold running randomness

TBTF's 9 Mar 1997 issue carried this item:

#..Hot and cold running randomness
#
#    Perhaps for the first time, anyone with an Internet connection can
#    tap a source of true randomness. The creator of HotBits [16], John
#    Walker <kelvin at fourmilab.ch>, describes it as
#
#      > an Internet resource that brings genuine random numbers, 
#      > generated by a process fundamentally governed by the inherent
#      > uncertainty in the quantum mechanical laws of nature, directly
#      > to your computer... HotBits are generated by timing successive
#      > pairs of radioactive decays... You order up your serving of
#      > HotBits by filling out a [Web] request form... the HotBits
#      > server flashes the random bytes back to you over the Web.
#
#    Walker modified an off-the-shelf radiation detector to interface to
#    a PC-compatible serial port, and ran a cable three floors down from
#    his office to a converted 70,000-litre subterranean water cistern
#    with metre-thick concrete walls, where the detector nestles with a
#    60-microcurie Krypton-85 radiation source.
#
#    If you're in the mood for an anti-Microsoft rant of uncommon eloquence,
#    Walker can supply that too [17].
#
#    Thanks to Keith Bostic <bostic at bostic.com> for the word on this 
#    delightful service.
#
#    [16] <URL:http://www.fourmilab.ch/hotbits/>
#    [17] <URL:http://www.fourmilab.ch/hotbits/source/hotbits-c.html>

An interesting idea, but hopefully no one will use it -- it is too easily
spoofed via DNS, and the host itself could be hacked to return the same
'random' number all the time.  (Maybe after we have IPsec, SecDNS, _and_ you
trust the host we could use services like this on the Internet).

Dan Wing  dwing at cisco.com

------------------------------


#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts at ix.netcom.com
# You can get PGP outside the US at ftp.ox.ac.uk/pub/crypto/pgp
#     (If this is a mailing list, please Cc: me on replies.  Thanks.)
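
Added example, not part of the original message or of HotBits: one way to hash remotely fetched bytes into a seed alongside locally derived entropy, so that a replayed, observed, or unavailable remote source cannot make the seed weaker than the local input alone. The function names, the label, and the stand-in services are assumptions constructed for illustration; no network access is made.

```python
import hashlib
import os
from typing import Callable, Optional

LABEL = b"seed-mix-example"  # constructed domain-separation label


def mix(local: bytes, remote: Optional[bytes]) -> bytes:
    """Hash local entropy together with optional, untrusted remote bytes.

    Each input is length-prefixed so that (local, remote) pairs cannot
    collide by shifting bytes from one field into the other.
    """
    h = hashlib.sha256(LABEL)
    for part in (local, remote or b""):
        h.update(len(part).to_bytes(8, "big"))
        h.update(part)
    return h.digest()


def gather_seed(fetch_remote: Callable[[], bytes],
                local_source: Callable[[int], bytes] = os.urandom) -> bytes:
    """Build a seed that never depends on the remote service being up or honest."""
    local = local_source(32)      # local entropy is always included
    try:
        remote = fetch_remote()   # may be spoofed, replayed, or observed
    except Exception:
        remote = None             # outage or denial of service: local only
    return mix(local, remote)


# Constructed stand-ins for a remote random-number service.
def replaying_service() -> bytes:
    return b"\x00" * 16           # a host returning the same bytes every time


def unreachable_service() -> bytes:
    raise TimeoutError("remote random service unreachable")


if __name__ == "__main__":
    print(gather_seed(replaying_service).hex())
    print(gather_seed(unreachable_service).hex())
```

The seed is only as unpredictable as the local input; the remote bytes can add to it but are never relied on.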






