All geek questions in one place

True atmospheric noise random number generator

I need to create a One Time Pad system, and for this I need to build my own TRNG. I want to know how to make record atmospheric noise and use it to generate random numbers. I still tried to write a WAV file and read it in Java, but the values ​​do not seem very ... random. Any suggestions? I know about Random.org, but I can’t use their generators, I need to build my own, so I want to understand how people on Random.org created their number generator, with atmospheric noise, as a source of “randomness”.

+4
source share
5 answers

Non real time solution

What you can do is record the sound surrounding the room and save the temporary WAV file. If you know how a WAV file based on the RIFF specification works. Then split the WAV header with a length of 44 bytes. Then read the audio bytes and make the appropriate conversions depending on whether you want to create WORDS, DVords or BYTES, it is up to you. Then you should have some random values ​​to work. Then use these random values ​​accordingly.

Real solution

Since I do not know if you want to program this in Java or in some other language. In addition, I do not know the intended platform; therefore, I cannot recommend you any real-time audio processing libraries.

In C #, you can use NAudio, and you can record real-time audio and receive audio bytes. Then you can convert the audio bytes to DWORD, QWORD, WORD, etc. You must have some random values. Remember to stop recording and release unmanaged resources when you stop generating random numbers.

Good WAV File Specification Resources

The wav file structure

Specification Link (easy to understand)

+4
source

The answer is unknown and perhaps deliberate. Although it’s hard to be sure, the site seems to be a combination of charitable and nonprofit work. Each radio source generates only a few kilobytes of random data. As he describes this in many references, I see no evidence of CSRNG. It does not matter. For OTP purposes, if it is not truly random, this is an illustrious stream cipher. (I think Bruce and the others always talked.)

It’s hard for me to remember when a good CSRNG was broken. I would recommend using something like ISAAC or a properly implemented block / stream cipher. Perfect Paper Passwords does it. Use the Fortuna construct with Fortuna's internal components using the above ciphers / algorithms to get most of the random data. Fortuna can regularly enter TRNG data into it. The best TRNG for the budget is random.org plus locally generated stuff. The best low-cost hardware solution is the VIA Artigo board with VIA Padlock (TRNG + acceleration for SHA-1, SHA256, AES and RSA) for $ 300. They have libraries to help you use things. (There's even a pseudo-TRNG that uses processor time under network load.)

Remember that cryptography is usually the strongest link in the chain. System security exists at many levels: processor, firmware, peripheral firmware (esp DMA), kernel mode code, OS, trusted middleware or OS functions, application. Security generally includes users, policies, physical security, EMSEC, etc. Anyone who cares too much about RNG usually spends energy. Just use the decision made or something that I mentioned above. Then focus on the rest. Especially how people and systems interact. Configuration, correction, choice of OS, policies. Most problems happen there.

+3
source

I recall an article about random.org that I cannot find right now. I all remember that they used the lsb noise that they measured. MSBs, of course, will not be random. Then a line of 1s and 0 based on lsb is generated. Do not do something stupid like a simple binary conversion that won't work. You may have to try the noise in binary so that the lsb distribution has a more even sampling.

The trick they used to ensure even distribution was not to use this string of 1 and 0 as random numbers. Instead, they will parse the string, 2 bits at a time. Each time a bit matches (i.e. 00 or 11), they add 1 to their random string. Each time the bits were flipped (e.g. 01 or 10), they added 0 to their random string.

If you are creating your own TRNG, be sure to check it out!

+2
source

It is hardly possible to get real random numbers from software. Even the static in your wav file is likely to depend on the periodic EMI generated by your computer, and therefore is not purely random.

Can you use special equipment or are you forced to stick with clean software? Why don't pseudo random numbers meet your needs? They will do their best on a relatively small number of random samples. Since you want to use random numbers in OTP, I think you will not use it on a large scale.

Can you provide more details?

0
source

The atmospheric noise approach to random number generation is complex because the atmosphere is filled with nonrandom signals, all of which pollute the entropy you are looking for. There is an easier way.

Most likely, your processor already contains a true random number generator, assuming that you have a Core / Xeon processor based on the Ivy Bridge, which became available in April 2012. (The new Haswell architecture also has this feature.)

Random Intel Generator uses random thermal noise effects inside an intermittent digital circuit. Thermal noise is just random atomic vibrations, which is pretty much the same basic physical phenomenon that Random.org uses when it experiences atmospheric noise. The sampled random bits undergo a complex conditioning and testing process to eliminate contamination from non-random signals. I highly recommend this excellent IEEE Spectrum article that details the process.

Intel has added a new x86 instruction called RDRAND , which allows programs to directly extract these random numbers. Although Java does not yet support direct access to RDRAND , JNI is possible. This is the approach I took with the drnglib project. For instance:

 DigitalRandom random = new DigitalRandom(); System.out.println(random.nextInt());

The nextInt() method is implemented as a native JNI call that calls RDRAND . Performance is pretty good considering the quality of randomness. Using eight threads, I created ~ 760 MB / s of random data.

0
source

Source: https://habr.com/ru/post/1379434/

More articles:


All Articles