1994-04-29 - Re: Random #’s via CD-ROM?

Header Data

From: “Perry E. Metzger” <perry@snark.imsi.com>
To: grendel@netaxs.com (Michael Brandt Handler)
Message Hash: 949643ca7bc44aa07f714634e1ea8eca881c3a2fae1a5e5d10cc9a67162bf5cd
Message ID: <9404291108.AA21168@snark.imsi.com>
Reply To: <199404290142.VAA04213@access.netaxs.com>
UTC Datetime: 1994-04-29 11:08:36 UTC
Raw Date: Fri, 29 Apr 94 04:08:36 PDT

Raw message

From: "Perry E. Metzger" <perry@snark.imsi.com>
Date: Fri, 29 Apr 94 04:08:36 PDT
To: grendel@netaxs.com (Michael Brandt Handler)
Subject: Re: Random #'s via CD-ROM?
In-Reply-To: <199404290142.VAA04213@access.netaxs.com>
Message-ID: <9404291108.AA21168@snark.imsi.com>
MIME-Version: 1.0
Content-Type: text/plain

Michael Brandt Handler says:
> 	[1] Read a pseudo-random section from the CD-ROM. Unless you catch
> the blank end of a sector, you should obtain random data (this is one
> obvious problem with this method).

How do you pick the random section in the first place? Oh, I see, we
use a random number generator!


It's very hard to determine if a pseudorandom number generator is "good
enough" for cryptographic purposes. Many generators that look "good
enough" for doing normal work fail miserably for cryptography. If one
is using, say, a one-time pad, one has a need to generate a large
number of truly random numbers quickly. Hacked up schemes usually
don't cut it when that's the case.

If you only need a few bits, you might as well use a non-deterministic
process outside of the program's control, like a user tapping a key.
However, for work requiring significant numbers of bits, ad-hoc
methods fail miserably.

> 	Place an *audio* CD in the CD-ROM drive. Most CD-ROM drives know
> about audio discs now, and I believe they can be made to read the binary
> waveform data even if they don't understand the Red Book audio
> format.

If you are going to use this for cryptography, this is an ancient cipher
known as a book cipher, updated to use CD-ROMs. This is NOT a secure
way to encrypt things. Although it's probably better than most silly
schemes people come up with, it isn't as good as real cryptosystems,
and they are available, so why use such a hack?

> 	What do you all think?

I think it's good that you are evincing enthusiasm, but I really think
you ought to learn more cryptography. Remember, most obvious ideas
have already been thought of -- others are often as bright as you are,
and have come before you. Ask yourself why someone else hasn't done it
before proposing things.
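
Added example, not part of the original message: a Python sketch of the objection above, measuring how a key read from a disc at a PRNG-chosen offset carries no more entropy than the PRNG's seed, next to a key from the operating system's CSPRNG. The disc contents, the 12-bit seed space and every function name are assumptions constructed for illustration.

```python
import hashlib
import math
import random
import secrets

DISC_SIZE = 1 << 20   # constructed stand-in for the disc contents (1 MiB)
KEY_LEN = 16          # 128-bit key read from the disc
SEED_BITS = 12        # assumed seed space, e.g. a coarse timer value


def make_disc(size=DISC_SIZE):
    """Constructed 'disc': fixed bytes that any holder of the same disc also has."""
    out = bytearray()
    counter = 0
    while len(out) < size:
        out += hashlib.sha256(counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:size])


def key_from_disc(disc, seed):
    """The scheme under discussion: a seeded PRNG picks the offset to read."""
    offset = random.Random(seed).randrange(len(disc) - KEY_LEN)
    return disc[offset:offset + KEY_LEN]


def effective_key_bits(disc, seed_bits=SEED_BITS):
    """Upper bound on key entropy: log2 of the distinct keys over all seeds."""
    keys = {key_from_disc(disc, s) for s in range(1 << seed_bits)}
    return math.log2(len(keys))


def os_key():
    """Baseline: key drawn from the operating system's CSPRNG."""
    return secrets.token_bytes(KEY_LEN)


if __name__ == "__main__":
    disc = make_disc()
    print(f"nominal key size:      {KEY_LEN * 8} bits")
    print(f"disc-scheme key bits:  {effective_key_bits(disc):.2f} "
          f"(bounded by {SEED_BITS}-bit seed)")
    print(f"CSPRNG key:            {os_key().hex()}")
```

The 128-bit key never exceeds the seed's 12 bits of entropy, because the disc is fixed data and the offset is a deterministic function of the seed.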