OneRNG

With the recent discussion here of randomness/entropy, it’s timely that a story emerges of a guy“there’s an avalanche diode, which generates entropy from the quantum noise of its own operation. “That’s not some scary quantum effect that’s hard to understand”, Campbell said, “but it’s a a particularly random type of noise”.
Second, there’s a radio receiver, which Campbell explained to Vulture South picks up noise, of which OneRNG retains the least significant bit, so as “to guard against a third party generating a signal” to try and defeat the randomness of the entropy.”
planning to ship an open-design random number generator.

The hardware is familiar to me. I’ve been doing electronics since the 1960s. He’s using a Zener diode as a noise-source and a radio receiver to pick it up. I think that’s kind of silly because it might open up the process to non-random radio sources. I know about those. I used to work in a cyclotron laboratory where every cable had 28MHz RF dancing on it. I would just pick up the noise directly with a wide-band amplifier and sample it periodically and digitize the stream with an ADC or even a Schmitt trigger. Compare with the average value of the signal and the odds are equal for ones and zeroes.

Whatever. The real issue is the bandwidth of the device and the quality of the data. Any decent computer system may need tons of random bits to do the job. I guess it will work fine for salting more productive methods like multiplicative congruence and descendents (I’ve used RANDU, one of the worst, on a S/360…) but it would not be the best for XORing with data-streams. With the necessity of random number generation in IT these days, it’s a wonder that every CPU or motherboard does not have a really great generator built in.

See Meet OneRNG: a fully-open entropy generator for a paranoid age.

About Robert Pogson

I am a retired teacher in Canada. I taught in the subject areas where I have worked for almost forty years: maths, physics, chemistry and computers. I love hunting, fishing, picking berries and mushrooms, too.
This entry was posted in technology and tagged . Bookmark the permalink.

4 Responses to OneRNG

  1. ram says:

    oiaohm makes some very good points here. Getting “good” random numbers is surprisingly hard. The more you investigate it the more interesting it becomes.

  2. oiaohm says:

    Robert Pogson remember making random generator you don’t need to be anywhere near exact. Being exact is you enemy. This is why a webcam in a box works so well. The read out of a webcam pixel is very much a photons count. Ok may be in the 100’s, 1000’s. 1000000 or even large but for a random source this does not really matter how many photons at a time you are counting just as long you can remove the constant and get the random. Webcam in box is able to generate random multi megabytes of random data per second. And it passes every single standard test for a random number generator.

    Nicely enough all the standard tests for random are built into 1 tool. http://www.fourmilab.ch/random/ enough time is very simple to test if your random number generator is working anywhere near correct. Lets just say Exploit guy of using a block of memory fails ent spectacularly.

    This is why I said Exploit Guy did not have a clue. Yes big issue with OpenSSL is against its own internal random number generator it runs none of the formal tests. Really ent is not hard dump a huge file of what you random number generator produces and have it have a good darn look at it. Now getting 200 to 300 megs out of Exploit Guys code was insanely hard. So I inspected operation. You can fairly much bet if a random generator cannot produce 200 to 300 megs easily of data its not random generator that has been properly tested.

    http://ubld.it/products/truerng-hardware-random-number-generator/

    As you can see here. Using internal computer random sources it takes Linux a long time to recover its entropy pool. Windows has the same issue. Reality is even OpenSSL internal attempts don’t get around the issue. You need a hardware generator if you are running per connection keys other wise your system will always be out of entropy. When Linux kernel random number generator runs out of entropy so does address randomization result all generators depending on this fail as well.

    Programs must the OS provided random number generator functions or have interfaces to real hardware random number generators. OS provided random sources if you pay the right money can have hardware behind them. Of course you must have enough random generators to keep the OS/application random usage so the entropy pools remain filled. If you don’t you can fairly much bet at times you encryption will not be randomized.

    Lack of entropy is a serous Linux/Windows server problem. Please note most random number generators devices have problems that they have no Windows drivers. Yes it easy to get a random number generator device/devices for Linux its down right hard and expensive for Windows. Note the word devices you might need more than 1 to keep up with your workload.

    This entropy problem is one of the issues of hosting in the cloud and not being able to inspect the hardware. You can be on servers without hardware to refill entropy so to be open to encryption collapse due to lack of randomness.

  3. oiaohm wrote, “I really would like to see a random number generator that is truly multi source particularly some form of optical effect.”

    To be really random, incoherent, optical devices have to work at a very low rate, thus being prone to interference by thermal noise and the like. One can fire a laser into some absorber and randomly detect photons coming out the other side. Think a counter running at 100MHz and yielding the number of photons emerging per second or such. That may not be uniformly distributed but the time of arrival would be, so have the photons gate the time on the low bits of the clock.

    One random source many computers have is the audio input. Just short the input and turn up the gain. All you get is resistor-noise, white noise. Digitize that and take a few low-order bits. Still, this is not enough bandwidth for some purposes. Perhaps with a lot of such generators a good rate could be achieved. Someone could build a chip with a million resistors and multiple ADCs.

  4. oiaohm says:

    Robert Pogson inside most cpus is have random number generator.
    https://software.intel.com/en-us/articles/intel-digital-random-number-generator-drng-software-implementation-guide
    But they are fairly complex black boxes. It can be quite hard to validate that a random generate that you cannot see how it constructed is not stuffed up. There have been historic issues where in cpu random number generators have turned out not to be random.

    OneRNG I do have issues with it. Its not a multi source.
    Really is not that hard to implement a thermal noise(based on a resisters) and Avalanche noise(based on diodes) in the one device. Both of these react differently to radio interference.

    http://en.wikipedia.org/wiki/Hardware_random_number_generator
    This is the theorys.
    http://en.wikipedia.org/wiki/Comparison_of_hardware_random_number_generators
    These are ones already on the market. Getting random generator devices for Linux is cheap. Windows kinda expensive.

    Main reason why they are so cheap for Linux is Linux users are not over a barrel. Change to much and Linux user goes for the likes of http://www.vanheusden.com/ved/ It generate quite a suitable random source. Digital Cam flux has been tested by CIA for field operatives needing to rig up a random generator quickly. Its surprisingly high quality source. Yes random light proof box, random light(running from battery AC no good) and 1 webcam and some software. This is to generate a constant stream of random. The biggest problem with this it does not fit into server racks neatly and you need to change batteries every so often.

    The right kind of webcam turns out the be the camera the pi takes on it board.

    Fun part is there is another CIA strange one. Webcam again but this time radioactive smoke detector and place in box. Yes the leaking radiation from the smoke detector makes bits turn on in the webcam sensor. So there are quite a few DIY random number generators don’t in fact require you todo any soldering or electronics just environment set up. Part of the crappy setup enhances the uniqueness of output.

    This is what I love about some of the information that comes out. Of course these have been validated by other groups as methods that truly do work. Strange but work.

    I really would like to see a random number generator that is truly multi source particularly some form of optical effect.

Leave a Reply