Curious RNG stalemate [was: use of cpunks]

Bill Stewart bill.stewart at pobox.com
Thu Oct 17 13:45:10 PDT 2013 

At 09:56 AM 10/17/2013, grarpamp wrote:
>I'd guess that with good sources, today's prng code is sufficiently
>strong and at least some unix systems do save state across reboot.

>Now if someone would just sell a completely open discrete logic
>serial port hw entropy source for under $50... that would end
>a lot of the talk. Even with a more costly radiation source rather
>than other phenomena you'd still likely make good profit in quantity
>from China at that price.

First of all, lots of important hardware doesn't have ports on it,
particularly virtual machines, which have a whole raft of issues
even if you're running them on a server you physically control rather than
somebody else's cloud service.  The server has some ports,
but you need to make sure your hypervisor and clients have drivers that
will let the client access the hypervisor's /dev/random or equivalent.
VMware will have to do their own; you might contribute to OpenStack.

Another important kind of hardware where that doesn't work are
home routers, because the market price of $29-99 can't support much
extra money for randomness hardware; if it's not in the ARM core
or whatever other low-power cheap CPU, then it's only going to be
able to extract entropy from timing and network traffic,
and there's unlikely to be a high-precision clock chip.
Maybe you can get the manufacturer to burn a pseudo-random number
into the box along with the ethernet MAC or something,
but otherwise it's going to have to be software.
(So maybe you can augment Tomato/WRT-11/etc to listen for traffic
for a while before starting, and write an app for your PC
that beacons some entropy for the router to listen to?)

As far as your entropy dongle goes, the only way to get it cheap
is to make large volumes, which means you need a device that's
intended for some other application, like a $20 TV tuner/audio frob
or a webcam in a dark can getting CCD noise, or a webcam you wave at.
If you want speed, you need USB, not serial, but that's fine,
because almost nobody's including real serial ports these days.
If you want slow, you can get a geiger counter from Sparkfun/etc. for ~$99,
but you're not going to get anything intentionally radioactive 
shipped cheap from China.

More information about the cypherpunks mailing list