All geek questions in one place

Sources of Entropy on the Internet

To guarantee the integrity of the random number generator, the idea is that users can, if they wish, make sure that the number is actually generated from publicly available sources of entropy. This allows the system to provide its users so that the server does not select a random number. .

$entropy = "what_do_you_think"; $md5 = md5($entropy); /*take the first 10 hex characters of the md5 hash*/ $hex = substr($md5, 0, 9); /*convert the hex to decimal*/ $dec = hexdec($hex); /*use this decimal as a seed*/ srand($dec); /*pick a random number between 0 and 9, ultimately seeded by the entropy*/ $rand = rand(0,9);

My question is: what are some good publicly available sources of entropy (preferably immutable and chaotic) and absolutely referenced that can be chained and filed in md5? Some ideas are specific stock prices, temperature (from an honest source), hashes contained in the bitcoin blockchain ...

+4
source share
3 answers

Check out xhcd geohash algorithm. I think this is pretty much what you are looking for.

http://wiki.xkcd.com/geohashing/Implementations

The geochronization algorithm uses DOW Jones as a source of entropy. This page discusses ways to get the Dow open price online. http://wiki.xkcd.com/geohashing/Dow_Jones_Industrial_Average

But I think the best source of public, immutable, and verifiable entropy can be found in the BitCoin transaction database. It is widely distributed and constantly tested and has a specific protocol.

+2
source

Get it from the physical department.

http://qrng.physik.hu-berlin.de/

http://qrng.physik.hu-berlin.de/download

or simply

http://www.random.org/bytes/

that users can, if they wish, make sure that the number is actually generated from publicly available sources of entropy

How do they do it?

Do you provide real-time access to system memory to ensure that the assembly of the program that collects entropy is correct and not malicious?

0
source

The significance of the safety of using physical entropy lies in the fact that it is unpredictable, that is, unknown to anyone but the buyer. What is the point of using entropy available to anyone? You can also open a Pi printout of up to a million places and select a starting point.

In addition, there is basically no way to determine if the random numbers that the server gives you were actually obtained from the sources of entropy, which they apparently use.

0
source

Source: https://habr.com/ru/post/1432399/

More articles:


All Articles