[350] in cryptography@c2.net mail archive
FWD: Hot and cold running randomness
daemon@ATHENA.MIT.EDU (Bill Stewart)
Sat Mar 15 16:11:10 1997
Date: Fri, 14 Mar 1997 18:32:00 -0800
To: cypherpunks@toad.com, cryptography@c2.net
From: Bill Stewart <stewarts@ix.netcom.com>
Cc: dwing@cisco.com, kelvin@fourmilab.ch
The following article was on RISKS Digest.
Obviously it's not usable for cryptographic randomness,
since you can't trust the path to be safe from eavesdroppers
(even if you're using SSL/RC4-128, can you trust the far end?
or from denial of service attacks (so be careful about wiring it in),
but sometimes you just want a good-quality random number to seed things,
such as a simulation program, and it might not be a bad thing to
hash in to your entropy pool with locally-derived sources.
------------------------------
Date: Mon, 10 Mar 1997 13:10:36 -0800
From: dwing@Cisco.COM (Dan Wing)
Subject: Hot and cold running randomness
TBTF's 9 Mar 1997 issue carried this item:
#..Hot and cold running randomness
#
# Perhaps for the first time, anyone with an Internet connection can
# tap a source of true randomness. The creator of HotBits [16], John
# Walker <kelvin@fourmilab.ch>, describes it as
#
# > an Internet resource that brings genuine random numbers,
# > generated by a process fundamentally governed by the inherent
# > uncertainty in the quantum mechanical laws of nature, directly
# > to your computer... HotBits are generated by timing successive
# > pairs of radioactive decays... You order up your serving of
# > HotBits by filling out a [Web] request form... the HotBits
# > server flashes the random bytes back to you over the Web.
#
# Walker modified an off-the-shelf radiation detector to interface to
# a PC-compatible serial port, and ran a cable three floors down from
# his office to a converted 70,000-litre subterranean water cistern
# with metre-thick concrete walls, where the detector nestles with a
# 60-microcurie Krypton-85 radiation source.
#
# If you're in the mood for an anti-Microsoft rant of uncommon eloquence,
# Walker can supply that too [17].
#
# Thanks to Keith Bostic <bostic@bostic.com> for the word on this
# delightful service.
#
# [16] <URL:http://www.fourmilab.ch/hotbits/>
# [17] <URL:http://www.fourmilab.ch/hotbits/source/hotbits-c.html>
An interesting idea, but hopefully no will use it -- it is too easily
spoofed via DNS, and the host itself could be hacked to return the same
'random' number all the time. (Maybe after we have IPsec, SecDNS, _and_ you
trust the host we could use services like this on the Internet).
Dan Wing dwing@cisco.com
------------------------------
# Thanks; Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# You can get PGP outside the US at ftp.ox.ac.uk/pub/crypto/pgp
# (If this is a mailing list, please Cc: me on replies. Thanks.)
