Curious RNG stalemate [was: use of cpunks]
Sandy Harris
sandyinchina at gmail.com
Wed Oct 23 06:01:18 PDT 2013
Andy Isaacson <adi at hexapodia.org> wrote:
> On Fri, Oct 18, 2013 at 11:42:21AM -0400, Sandy Harris wrote:
>> > Now if someone would just sell a completely open discrete logic
>> > serial port hw entropy source for under $50...
>>
>> If you have an audio device free or can add one and are using
>> Linux, I'd say Turbid is the obvious solution:
>> http://www.av8n.com/turbid/paper/turbid.htm
>>
>> Open source, ... What's not to like?
>
> It's super frustrating that Turbid assumes you are going to
> reverse-engineer the amplifier stage of your sound card in order to set
> some difficult-to-understand parameters which apparently can completely
> break it's ability to extract entropy if set incorrectly. (See the
> installation instructions in section 12 of the paper linked above.)
>
> It would be much better for it to have a default set of parameters ...
There is configuration info for some common sound devices.
> I mean, seriously. The Turbid authors appear to assume that every
> person who installs Turbid is going to build a custom Y-audio cable and
> put a voltmeter (set to the correct mode of course!) on the outputs of
> their sound card. WTF?
Only people with a device for which a configuration file does
not already exist. If you have to do this, you can send your
file to the Turbid maintainer so others can use it without
having to do the measurements themselves.
Of course, then there is a trust issue. The maintainer may
not have the device in question, so he cannot verify. If
you want to verify, you are back to building a cable.
Without verification, it looks as though someone could
subvert Turbid for a device by submitting a suitably
bogus parameter file.
> It's fine if conservative, default settings result in Turbid getting
> only 100 bits of entropy per second rather than 100 Kbit/sec. Mix it
> into /dev/urandom and call it a day.
I'd also like to see a default parameter file, guaranteed
to give some entropy on a lowest common denominator
device. I'm not sure if that is possible.
More information about the cypherpunks
mailing list