1993-06-22 - hardware RNG

Header Data

From: Douglas Sinclair <dsinclai@acs.ucalgary.ca>
To: cypherpunks@toad.com
Message Hash: d3a8aea0d29804d00118b7df65ee81204e7f8c948d5105ce23ad63de23446b92
Message ID: <9306220012.AA37450@acs1.acs.ucalgary.ca>
Reply To: N/A
UTC Datetime: 1993-06-22 02:54:11 UTC
Raw Date: Mon, 21 Jun 93 19:54:11 PDT

Raw message

From: Douglas Sinclair <dsinclai@acs.ucalgary.ca>
Date: Mon, 21 Jun 93 19:54:11 PDT
To: cypherpunks@toad.com
Subject: hardware RNG
Message-ID: <9306220012.AA37450@acs1.acs.ucalgary.ca>
MIME-Version: 1.0
Content-Type: text/plain

A while back there was lots of discussion in the list about hardware
random number generation.  The consensus was that diode white noise
was the easiest thing to use.  It probably is, but I havn't been able to
persuade a single diode to be noisy yet.  Anyhow, I turned to the simplest
white noise source that I have, which happens to be a radio tuned to a dead
channel.  I hooked that up to a home made interface board that has previously
served as a frame grabber, and wrote some software to grab random numbers.
The hardware compares the signal to four known voltages, and sets the feedback
pins on my printer port correspondingly.  Thus, I get a nibble of information
every cycle.  However, it's fairly interrelated (if the high bit is set, the
low ones must be set too, &c).  So, this is the scheme I came up with to
randomize it.
Read two nibbles and concatenate them into a byte.  Take the parity of this
byte to give you one bit.  Read eight bits this way, to make one byte.
Read 128 bytes by this method, and take a MD5 hash of this data.  Use the 16
byte message digest as the final random bitstream.  Do this as many times
as needed to get the desired number of bytes.
Using the ENTROPY1 software submitted to the list by Peter Meyer, I determined
that a 1000000 byte file had a relative entropy of 0.999980.  This seems
close enough to 1 for cryptographical use.  For each bit of output, 64 bits
have been read from the device.  The MD5 transposition should eliminate all
of the wave nature of the signal and make adjacent bytes unrelated.
So, the question now is, is it safe?  An obvious method of attack is to simply
connect an identical device to a radio and grab identical data.  However, I
feel this is unfeasible.  Radio noise is omnidirectional and thus (I think)
should give you very different signals at different geographic locations due
to the different phases of the various sources.  There are too many variables
in the hardware itself.  What frequency is it at?  What are the comparison
values set to?  What other method could be used to attack this except for the
obvious tempest attack on the host computer?
Version: 2.3

PGP 2.2 Key by finger