[7265] in cryptography@c2.net mail archive
Re: random seed generation without user interaction?
daemon@ATHENA.MIT.EDU (Dennis Glatting)
Tue Jun 6 11:28:30 2000
Message-ID: <393D04AC.8E119B01@software-munitions.com>
Date: Tue, 06 Jun 2000 07:03:24 -0700
From: Dennis Glatting <dennis.glatting@software-munitions.com>
To: John Kelsey <kelsey.j@ix.netcom.com>
Cc: cryptography@c2.net, Jeff.Hodges@stanford.edu
John Kelsey wrote:
>
> At 07:08 PM 6/5/00 -0700, Jeff.Hodges@stanford.edu wrote:
> >So I'm curious about what all methods do folks currently use (on NT
> >and unix) to generate a random seed in the case where user
> >interaction (e.g. the ol' mouse pointer waving or keyboard tapping
> >approaches) isn't a viable option?
>
> If the machine has a microphone, you can get some unpredictable bits
> from internal noise in the circuit, and also from real noise in the
> room the computer's in. There's probably a tiny bit of entropy
> available even in the worst case imaginable from network packet
> arrival times, if you can get them. And Jack Lacy and Matt Blaze did
> some clever stuff with something called ``truerand,'' which tries to
> measure clock jitter between the CPU clock and the external clock
> used to get the time of day. Peter Gutmann's cryptographic library
> has OS polls that seem to have some entropy in them, even without
> user interaction, presumably ultimately based on hard drive timings,
> clock jitter, etc. Hard drive timings can also provide some
> unpredictable bits.
>
There is an article (somewhere) on the net of digital cameras focused
on lava lamps. Photos are taken of the lava lamps and mixed into a
hash function to generate random data. I believe the author had some
algorithm for turning the lamps on and off, too.
I don't know how random it is, but it sounds really cool. :)
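
An added example, not part of the original message or of any library named in the thread: a hash-based pool that mixes several weak, non-interactive sources (a busy-loop timing stand-in for the clock-jitter idea, the wall clock, optional camera frame bytes) into one seed. The class and function names, the domain-separator string, and the use of `os.urandom` as one more input are assumptions made for this sketch.

```python
import hashlib
import os
import struct
import time


class SeedPool:
    """Hash-based pool: every sample is framed, then absorbed into SHA-256."""

    def __init__(self):
        # Domain separator (constructed value for this example).
        self._h = hashlib.sha256(b"seed-pool-example")

    def add(self, source: str, data: bytes) -> None:
        # Length-prefix label and data so ("ab", b"c") and ("a", b"bc")
        # can never produce the same pool state.
        label = source.encode()
        self._h.update(struct.pack(">HI", len(label), len(data)))
        self._h.update(label)
        self._h.update(data)

    def seed(self) -> bytes:
        # Copy so the pool can keep absorbing after a seed is drawn.
        return self._h.copy().digest()


def jitter_samples(n: int = 256, spin: int = 200) -> bytes:
    """Low byte of the time a fixed busy loop takes, sampled n times.

    The entropy per sample is unknown and should be assumed small.
    """
    out = bytearray()
    for _ in range(n):
        t0 = time.perf_counter_ns()
        for _spin in range(spin):
            pass
        out.append((time.perf_counter_ns() - t0) & 0xFF)
    return bytes(out)


def gather_seed(frame: bytes = b"") -> bytes:
    pool = SeedPool()
    pool.add("jitter", jitter_samples())
    pool.add("clock", struct.pack(">Q", time.time_ns()))
    pool.add("pid", struct.pack(">Q", os.getpid()))
    if frame:  # e.g. raw bytes of a captured camera image
        pool.add("camera", frame)
    pool.add("os", os.urandom(32))  # OS generator, where one exists
    return pool.seed()


if __name__ == "__main__":
    print(gather_seed(b"constructed sample frame bytes").hex())
```

Hashing only conditions the input: the seed is no harder to guess than the combined inputs, so the sources still have to be judged on their own.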