1997-03-15 - FWD: Hot and cold running randomness

Header Data

From: Bill Stewart <stewarts@ix.netcom.com>
To: cryptography@c2.net
Message Hash: ad26938190eaf78ac3b5d12388421b8eefef0d52e061e0042b56c1d68458b42a
Message ID: <3.0.1.32.19970314183200.00640df0@popd.ix.netcom.com>
Reply To: N/A
UTC Datetime: 1997-03-15 05:06:20 UTC
Raw Date: Fri, 14 Mar 1997 21:06:20 -0800 (PST)

Raw message

From: Bill Stewart <stewarts@ix.netcom.com>
Date: Fri, 14 Mar 1997 21:06:20 -0800 (PST)
To: cryptography@c2.net
Subject: FWD: Hot and cold running randomness
Message-ID: <3.0.1.32.19970314183200.00640df0@popd.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


The following article was on RISKS Digest.
Obviously it's not usable for cryptographic randomness,
since you can't trust the path to be safe from eavesdroppers
(even if you're using SSL/RC4-128, can you trust the far end?
or from denial of service attacks (so be careful about wiring it in),
but sometimes you just want a good-quality random number to seed things,
such as a simulation program, and it might not be a bad thing to
hash in to your entropy pool with locally-derived sources.
------------------------------

Date: Mon, 10 Mar 1997 13:10:36 -0800
From: dwing@Cisco.COM (Dan Wing)
Subject: Hot and cold running randomness

TBTF's 9 Mar 1997 issue carried this item:

#..Hot and cold running randomness
#
#    Perhaps for the first time, anyone with an Internet connection can
#    tap a source of true randomness. The creator of HotBits [16], John
#    Walker <kelvin@fourmilab.ch>, describes it as
#
#      > an Internet resource that brings genuine random numbers, 
#      > generated by a process fundamentally governed by the inherent
#      > uncertainty in the quantum mechanical laws of nature, directly
#      > to your computer... HotBits are generated by timing successive
#      > pairs of radioactive decays... You order up your serving of
#      > HotBits by filling out a [Web] request form... the HotBits
#      > server flashes the random bytes back to you over the Web.
#
#    Walker modified an off-the-shelf radiation detector to interface to
#    a PC-compatible serial port, and ran a cable three floors down from
#    his office to a converted 70,000-litre subterranean water cistern
#    with metre-thick concrete walls, where the detector nestles with a
#    60-microcurie Krypton-85 radiation source.
#
#    If you're in the mood for an anti-Microsoft rant of uncommon eloquence,
#    Walker can supply that too [17].
#
#    Thanks to Keith Bostic <bostic@bostic.com> for the word on this 
#    delightful service.
#
#    [16] <URL:http://www.fourmilab.ch/hotbits/>
#    [17] <URL:http://www.fourmilab.ch/hotbits/source/hotbits-c.html>

An interesting idea, but hopefully no will use it -- it is too easily
spoofed via DNS, and the host itself could be hacked to return the same
'random' number all the time.  (Maybe after we have IPsec, SecDNS, _and_ you
trust the host we could use services like this on the Internet).

Dan Wing  dwing@cisco.com

------------------------------


#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# You can get PGP outside the US at ftp.ox.ac.uk/pub/crypto/pgp
#     (If this is a mailing list, please Cc: me on replies.  Thanks.)






Thread