[149139] in cryptography@c2.net mail archive
Re: [Cryptography] cheap sources of entropy
daemon@ATHENA.MIT.EDU (ianG)
Mon Jan 20 14:17:00 2014
X-Original-To: cryptography@metzdowd.com
Date: Mon, 20 Jan 2014 21:35:50 +0300
From: ianG <iang@iang.org>
To: cryptography@metzdowd.com
In-Reply-To: <1236044522.20140120185403@gmail.com>
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com
On 20/01/14 20:54 PM, Kriszti=E1n Pint=E9r wrote:
> =
> ianG (at Saturday, January 18, 2014, 9:17:17 AM):
> =
>> Jon Callas (I think) a long time ago suggested pointing your cheapo USB
>> camera at a photographer's grey card in low light. The theory is that
>> the cells in a camera seek for information and if they don't see
> =
> collecting entropy is easy. extracting entropy is also easy. providing
> a general solution that reliably produces entropy is hard. just as an
> example, take this camera project. the following questions come up,
> from the top of my head:
> =
> - what if the camera breaks?
> - what if the camera entropy production degrades with time?
> - what if lighting conditions change?
> - what if the driver is updated, and starts filtering noise?
> - what if the driver is updated, and stops producing data?
> - what if temperature variations affect entropy production?
> - what if an attacker can listen on in EM, and read your camera output?
> - what if another software on the same machine can read camera output?
> - what if the janitor accidentally unplugs the camera?
> =
> in short: if you have an engineer, some free hours to spend, and you
> want to generate some randomness at a certain location, with a
> specific hardware, in a specific setting, it is always easy to do. but
> these solutions do not transfer to different situations, and does not
> apply to anyone with no engineer hours to spend.
Indeed. I should mention that the context was the key creation ceremony
where I could monitor the situation. I don't see it as a general solution.
iang
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
