Curious RNG stalemate [was: use of cpunks]

Cathal Garvey cathalgarvey at cathalgarvey.me
Thu Oct 17 14:12:11 PDT 2013


> If you want slow, you can get a geiger counter from Sparkfun/etc. for
> ~$99, but you're not going to get anything intentionally radioactive 
> shipped cheap from China.

Could you hack a smoke detector? They use (IIRC) Americium decay to
ionise an air path to a detector. You might be able to use the voltage
variation in that circuit with very little modification, without even
opening the case perhaps (which is good, because Americium is
supposedly somewhat toxic)?

Of course, then you'd have to watch out that an attacker doesn't smoke
in the same room as your entropy source... ;)

On Thu, 17 Oct 2013 13:45:10 -0700
Bill Stewart <bill.stewart at pobox.com> wrote:

> At 09:56 AM 10/17/2013, grarpamp wrote:
> >I'd guess that with good sources, today's prng code is sufficiently
> >strong and at least some unix systems do save state across reboot.
> 
> >Now if someone would just sell a completely open discrete logic
> >serial port hw entropy source for under $50... that would end
> >a lot of the talk. Even with a more costly radiation source rather
> >than other phenomena you'd still likely make good profit in quantity
> >from China at that price.
> 
> First of all, lots of important hardware doesn't have ports on it,
> particularly virtual machines, which have a whole raft of issues
> even if you're running them on a server you physically control rather
> than somebody else's cloud service.  The server has some ports,
> but you need to make sure your hypervisor and clients have drivers
> that will let the client access the hypervisor's /dev/random or
> equivalent. VMware will have to do their own; you might contribute to
> OpenStack.
> 
> Another important kind of hardware where that doesn't work is
> home routers, because the market price of $29-99 can't support much
> extra money for randomness hardware; if it's not in the ARM core
> or whatever other low-power cheap CPU, then it's only going to be
> able to extract entropy from timing and network traffic,
> and there's unlikely to be a high-precision clock chip.
> Maybe you can get the manufacturer to burn a pseudo-random number
> into the box along with the ethernet MAC or something,
> but otherwise it's going to have to be software.
> (So maybe you can augment Tomato/WRT-11/etc to listen for traffic
> for a while before starting, and write an app for your PC
> that beacons some entropy for the router to listen to?)
> 
> As far as your entropy dongle goes, the only way to get it cheap
> is to make large volumes, which means you need a device that's
> intended for some other application, like a $20 TV tuner/audio frob
> or a webcam in a dark can getting CCD noise, or a webcam you wave at.
> If you want speed, you need USB, not serial, but that's fine,
> because almost nobody's including real serial ports these days.
> If you want slow, you can get a geiger counter from Sparkfun/etc. for
> ~$99, but you're not going to get anything intentionally radioactive 
> shipped cheap from China.
> 
