[149122] in cryptography@c2.net mail archive
Re: [Cryptography] cheap sources of entropy
daemon@ATHENA.MIT.EDU (Christian Huitema)
Mon Jan 20 11:10:25 2014
X-Original-To: cryptography@metzdowd.com
From: "Christian Huitema" <huitema@huitema.net>
To: "'Bill Frantz'" <frantz@pwpconsult.com>,
<cryptography@metzdowd.com>
In-Reply-To: <r422Ps-1075i-E0F87A850AF04C7D9F27E6C50696D205@Williams-MacBook-Pro.local>
Date: Sun, 19 Jan 2014 17:04:08 -0800
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com
>>Jon Callas (I think) a long time ago suggested pointing your cheapo USB
>>camera at a photographer's grey card in low light. The theory is that
>>the cells in a camera seek for information and if they don't see
>>something that is worth reporting, it drives them a little tipsy. The
>>claim is that this effect can drive them into some form of quantum
>>uncertainty.
>
> I think what is happening here is the effective ISO is being
> pushed up by the low light so there is a lot of noise in the
> amplifiers used to read out the sensor cells. What you are using
> is thermal noise in the amplifiers. You get a lot of readings in
> one photo, and it should be a good source.
The key here is to trust that the camera is not somehow subverted and does
not feed a "pseudo random" set of bits, just like any hardware that has been
modified. But then, if the camera truly delivers the pixels that it sees, I
wonder why I would rely specifically on pointing at a grey card. Simply
pointing at a landscape or an interior scene will probably provide just as
much entropy. Minute differences in the location and orientation of the
camera will cause pixels to shift. In a handheld device like a cell phone,
we can ask the user to take a series of pictures while randomly moving the
phone. Hashing the images will certainly deliver some pretty good input to
the entropy bucket.
-- Christian Huitema
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
