From: Adam Shostack <adam@homeport.org>
Date: Mon, 2 Oct 95 21:34:52 PDT
To: mark@unicorn.com (Rev. Mark Grant)
Subject: Re: One-Time-Pad generation from audio device
In-Reply-To: <Pine.3.89.9510021627.A14466-0100000@unicorn.com>
Message-ID: <199510030437.AAA05775@homeport.org>
MIME-Version: 1.0
Content-Type: text


	If there is no microphone plugged into the audio port, the
random numbers tend to be of very poor quality.  (At least on a sun,
visual inspection of the output shows how poor the numbers are.)  I
suspect a few quick tests, followed by warnings to the user to turn on
the microphone, would be quite useful.

Adam


% head /dev/audio | od | head
0000000  077776 077777 077377 177577 177777 177377 177576 077776
0000020  077776 177577 077376 077376 077577 177576 177177 077376
0000040  077576 077776 077377 177777 177576 177377 077377 077377
0000060  077576 177775 077576 177776 177576 177377 177176 177177


| The code basically reads in a 512-byte block from /dev/audio, then takes
| the MD5 of that block to generate 16 bytes of the OTP. The raw audio data
| I'm getting is not particularly random and will compress by 3:1 using gzip
| or compress, so I'm assuming that using a 32:1 ratio here via MD5 will
| give a truly random output (it's certainly uncompressible).
| 
| Before I release the source code to the Net, can anyone give me any good
| reasons to believe that this won't produce physically random output, or
| make suggestions on how to test, or improve, the generated output ? There's
| a #define which can be used to easily increase the amount of data fed into
| the MD5, but at the moment it will only generate about 1 MB per hour on a
| Sparcstation (limited by the audio input rate), so I don't want to
| increase that if I don't have to. 



-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume