hardware RNG

Andy Isaacson adi at hexapodia.org
Mon Sep 9 21:38:13 PDT 2013


On Mon, Sep 09, 2013 at 12:58:28PM -0700, Bill Stewart wrote:
> At 12:32 PM 9/9/2013, Juan Garofalo wrote:
> >very naive question here:
> >Wouldn't it be possible to build a RNG using something like a
> >zener diode and a $2 microcontroller?
> 
> Sure, and if you like playing with Arduinos and similar electronics,
> it'd be a good experiment.

If you go down this path, you'll want to review the math at

http://www.av8n.com/turbid/paper/turbid.htm

> The main issues you run into (besides getting a decent fast USB
> interface without having to use surface-mount electronics, which are
> annoying to solder),
> are validating the quality of the randomness and getting enough
> speed to be useful (which depends not only on your noise quality but
> also on whether you're using a USB-enabled chip or just bit-banging).
> 
> DieHard http://en.wikipedia.org/wiki/Diehard_tests is probably still
> the standard quality test - your noise is almost certain to be
> biased, rather than purely uniform, so you'll need to whiten the
> data and adjust your entropy estimates appropriately.

Diehard is very good at what it does ... but what it does is not very
useful for validating a HWRNG.  There's a long but very clear
explanation of why, including examples, in the Turbid paper, section 7:

http://www.av8n.com/turbid/paper/turbid.htm#sec-measurement

-andy
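
The point about statistical tests versus entropy, as an added example that is not part of the original message: a SHA-256 hash of a public counter carries no entropy yet passes simple frequency tests, while a constructed biased bit source fails them despite carrying real entropy. The two tests are simplified stand-ins (not the Diehard suite), and the function names, thresholds and the P(1) = 0.7 bias are assumptions for illustration.

```python
import hashlib
import math
import random

def predictable_stream(nbytes):
    """Zero-entropy source: SHA-256 of a public counter, reproducible by anyone."""
    out = bytearray()
    counter = 0
    while len(out) < nbytes:
        out += hashlib.sha256(counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:nbytes])

def biased_noise(nbytes, p_one=0.7, seed=1):
    """Constructed stand-in for raw diode samples: independent bits, P(1) = p_one."""
    rng = random.Random(seed)  # simulation only, not a real noise source
    out = bytearray()
    for _ in range(nbytes):
        byte = 0
        for _ in range(8):
            byte = (byte << 1) | (rng.random() < p_one)
        out.append(byte)
    return bytes(out)

def monobit_z(data):
    """Normalised excess of 1 bits; roughly N(0, 1) for uniform data."""
    ones = sum(bin(b).count("1") for b in data)
    n = 8 * len(data)
    return (2 * ones - n) / math.sqrt(n)

def byte_chi2(data):
    """Chi-square of byte frequencies against uniform (255 degrees of freedom)."""
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    expected = len(data) / 256
    return sum((c - expected) ** 2 / expected for c in counts)

def passes_statistical_tests(data):
    # Assumed acceptance windows: |z| < 4, chi-square within about 4.5 sd of 255.
    return abs(monobit_z(data)) < 4 and 150 < byte_chi2(data) < 370

def min_entropy_per_bit(p_one):
    """Min-entropy of one independent bit with P(1) = p_one."""
    return -math.log2(max(p_one, 1 - p_one))

if __name__ == "__main__":
    n = 32768
    print("hashed counter passes:", passes_statistical_tests(predictable_stream(n)))
    print("biased noise passes:  ", passes_statistical_tests(biased_noise(n)))
    print("biased noise min-entropy/bit:", round(min_entropy_per_bit(0.7), 4))
```

Passing such tests puts no lower bound on entropy; the entropy estimate for the biased source comes from a model of the source (here the assumed bias), not from the test results.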



More information about the cypherpunks mailing list