DIY RNGs [was: Re: Curious RNG stalemate [was: use of cpunks]]

[Krisztián Pintér]

Ted Smith (at Tuesday, October 22, 2013, 5:15:09 PM):

> It actually works; when you view the webcam you can see the little
> points of light where an alpha particle hits the sensor.

> Is it possible to make an entropy source out of something like that? If
> so, it was a really simple (less than two hours IIRC) build, and it cost
> about $40.

you can make entropy source out of anything that you can access from
your computer. accessing is actually the harder part. you need to find
out how to attach. you need to find out what access interface to use,
how to be cross platform if you want to, how to test it on different
platforms, how to retest if after new releases of said platforms, and
so on. you can run into all sort of driver problems.

another hard-ish part is to estimate the true entropy content. it
might be much smaller than it looks like. understanding the physics of
the underlying phenomenon helps.

once you have your data stream in memory, you just need to use some
whitening. that is the easy part. virtually every cryptographic
primitive can be turned into a secure whitener.

for example, i have implemented a small toy/tool to generate random
data from the noise of the sound card. it is pretty much the same
thing, you just replace the line-in with your data source, and the
whitening part is done. it is for windows only. check it out here:

https://github.com/krisztianpinter/rnd_wavein

disclaimer: the old rule "don't roll your own crypto" is still in
effect.