Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

Athlon RNG

  • 10-07-2003 4:29pm
    #1
    sidhe
    Closed Accounts Posts: 9


    Right all you security wizards and tom :p

    I'm wantting to as you do get a good source of entropy from a PC and dont want to use the usual windows messages, performance counters, network traffic all of which are to deterministic. So failing a good hsm I'm planning on the RNG on the pentiums and athlons. The intel I've got no problem, but cannt seem to find the information I need to perform the asme function on the amd chip. So anyone got sample code or some good links to it. I'd prefer not to go with MS SSPI and its dervitives solution but will if no other option is available.

    thxs in advance.


Comments

  • #2
    Gavin
    Registered Users, Registered Users 2 Posts: 4,676 ✭✭✭Gavin


    How do you know that the on-chip rng has not been compromised ? Did you get out a electron microscope and check it out ? :)

    You are better off using a lot of different sources, including the on-chip rng to generate a random seed. Put 'em all through a hash ,as I'm sure you know, to 'distill' em as my lecturer liked to say.

    bruce schneier has a rng library that takes a good amount of different random values to produce the seed, windows only though I think. Can't remember the name off hand either...

    Sorry, don't know anything about the athlon either.. Fairly useless post really :)

    Gav


  • #3
    Capt'n Midnight
    Moderators, Recreation & Hobbies Moderators, Science, Health & Environment Moderators, Technology & Internet Moderators Posts: 92,986 Mod ✭✭✭✭Capt'n Midnight


    Your PC has a sound card - connect it to a noise generator ...

    you can do tests for randomness - you can decide whether to use bit 1 or all of them (the LSB may be compromised as so many use it)

    noise sources - microphone - if a coil then will also pick up electrical noise from PSU / mains etc.

    FM radio off station
    TV offstation - note the noise is generated internally so you don't get a white dot on the centre of screen

    Again do statistical tests for randomness - (though most pseudo random sequences pass this test too.)

    Other sources of noise - microphone in wind - flushing toilet - hissing (though watch out for resonance)

    Course the drivers could be compromised and/or hardware - hence record wav's on opensource - also get your hands on the olders sound card you can find - then try to figure if any of the chips have intelligence - (also the older the card the more likely any oddities will have been found)

    Joystick port has similar problems - it works on time taken to match the input voltage - but if you can find a really old one it may have a 555 or 556 doing all the work (analog chips so no DSP re-processing)

    BBC (2MHz 6502 8bit) micros has a 12 bit ADC built in - but the last few bits are noisy - again hard to believe that they had tricky stuff back then - and you can modulate the voltage reference as well (uses three diodes in series - so anything less will be the the new ref - zener diodes are nicely noisy - but you'd need to look up the best way to do this and then use two resistors in series ( old noisy ones +/- 20% ) to drop the voltage to something more suitable as an input.)


  • #4
    Gavin
    Registered Users, Registered Users 2 Posts: 4,676 ✭✭✭Gavin


    Originally posted by Capt'n Midnight
    Again do statistical tests for randomness - (though most pseudo random sequences pass this test too.)

    Seemingly if you start off a loop, counting from 1 to whatever, say 100. Hash each number and fire them all into a randomness test. it will register the input as random because the hash's are so good.

    I haven't done this though, I'm not very hot on statistics.

    Gav


  • #5
    sidhe
    Closed Accounts Posts: 9 sidhe


    I've figured it out documentation is there just hard to find.
    Most of the sources of entropy that captain midnight gave aren’t actually all that good most of them are quite cyclic. The idea that by repeatedly hashing a given block of data will somehow give it a greater degree of randomness is actually wrong :)
    If anything you’re diminishing your pool.
    But thanks for the suggestions anyway people.


  • #6
    Capt'n Midnight
    Moderators, Recreation & Hobbies Moderators, Science, Health & Environment Moderators, Technology & Internet Moderators Posts: 92,986 Mod ✭✭✭✭Capt'n Midnight


    The signal may be cyclic - but you use the NOISE
    This is why you usually use the LSB - random noise - but actually I'd use the next one in case compromised...and even if cyclic the EXACT value is not predictable... also you can hash it

    digital devices can only generate pseudo random numbers - if you know the algorithm and the seed you can reproduce them.. - in fact if the seed is not sufficiently large you can brute force it...

    analog devices have random noise superimposed on the signal ..

    fluorescent bulbs are good sources of noise.
    geiger counters and radioactive sources are random - but you need lots of shielding etc..

    keystroke delays / mouse movements - if you are sure the driversare not compromised - again using LSB bit 0 (or Bit 1,2 if paranoid)

    could also use stock market prices / weather reports as a way of sharing hash's ...


  • Advertisement
Advertisement