Random Noise Sources from Diceware.com

Producing crypto-quality randomness in a computer is a perennial issue in cryptography. Gleaning randomness from input/output events, such as keyboard and mouse actions or disk activity, works in many cases, but is less than ideal. New applications for secure computing employ diskless nodes with little or no user input. The best solution is to build a randomness source into the CPU as Intel has done with the newer Pentium chipsets. Until this practice is commonplace, there is a need for other robust solutions.

Since most computers now come with sound input, one approach is to connect a white noise source to the computer's sound port. An alternative is to use USB or serial ports. I've done some poking around on the Internet looking for white noise sources and have decided to summarize my findings here. I have not tested these products and am not endorsing ANY of them. Prices and your mileage may vary.

Commercial analog white and pink noise sources

There are a number of commercial products on the market that create white and/or pink audio noise. They are sold for testing sound systems, covering room noise (for privacy and alleged productivity improvement) and for relief of Tinnitus (pronounced ti-night'-us or tin'-i-tus), the medical term for the perception of sound when no external sound is present; often referred to as "ringing in the ears."

Caution: Many commercial white and pink noise sources use a digital random number source. Since their output is largely predictable, digital sources must be avoided for cryptographic use! Here is an example of what to avoid: PINK NOISE GENERATOR KIT. While inexpensive ($19.99 Canadian) from Qkits, this unit uses pseudo-random digital noise so it is not suitable for crypto use, unfortunately. (We used to list some inexpensive units that seemed suitable, but they do not appear to be available any more.)

Circuit designs for analog white noise sources

If you have some basic electronics skills, you can easily build one of these units. Buying the parts off the rack and building the unit yourself means one less supplier you need to trust.

Will Ware makes the valuable suggestion to use a Maxim MAX232 line converter part, which runs on +5 VDC and produces +/- 10 Volt outputs, allowing the designs above to run on +5 power.

Microphones and radios -- a poorer choice

You can get some randomness into your computer by connecting a microphone, radio or television to your sound input jack. The radio or television should be tuned to an unused channel. A microphone should be placed near a constant source of noise, such as the computer's fan. It is hard to characterize just how much noise such sources can dependably produce. There is also a danger that an attacker can figure out the channel your radio or TV is tuned to and transmit a known signal during an attack.

Caution: If you have a microphone connected to a networked computer, do not discuss sensitive information (like passwords) nearby.

Audio input devices

Sound input is built into most consumer desktop PCs these days and all new Macintosh computers (except the iBook) have it. If your desktop PC does not have sound input, you can add an inexpensive ISA or PCI sound card.

If you don't have any slots available, but have a newer PC or Macintosh iBook, you can use a USB sound input device. The nice thing about USB is that you can daisy-chain up to 100 or more devices off of a single USB port. A number of lower cost USB audio input accessories are available. MacInTouch has a good list of USB devices.

Note: The Sound Blaster 16 family "line-in" input has an impedance of 47K ohms and is sensitive to 0 - 2 Volts peak-to-peak. A Powermac G3 has similar sensitivity, and an input impedance of at least 20K ohms. These units generally accept a 3.5-mm stereo mini plug for line input.

SoundBlaster The PC classic. Most consumer machines emulate its features.

Harmony Central®: SONICport USB Audio Interfaces from Opcode A high quality unit, but the price is steep. $250

Griffin Technology iMic. "The iMic™ universal audio adapter is a USB device that allows the connection of virtually any microphone or sound input device to any ...Mac or PC with a USB port. ...the iMic has 1/8" inputs and supports both line and mic level input. ... only $40."

USB and Firewire Video cameras

A Webcam video camera can provide randomness in two ways: by photographing an unpredictable scene and by the quantization noise inherent in digitizing an image. As to the former, SGI suggests pointing your camera at a LavaLamp. Streamers or a mobile blowing in a fan-generated breeze could work just as well. So might a tropical fish tank.

Random bit generators

These products claim to provide true random bits, or close to. Most connect via a serial port.

SG100 Security Generator This compact unit costs $140 quantity one, including drivers for Windows 98/XT, NT and Solaris. Volume discounts are available. The SG100 connects to (and is powered by) a 9-pin serial port.

True Random Number Hardware Generator: The ComScire QNG $295. The User's Manual and an extensive bibliography are available on-line. Only MS DOS and Windows NT software drivers available.

HG 324 hardware random number generator capable of delivering bits at up to 1.2 megabit/sec. PC parallel interface. Serial adaptor available. Drivers for Linux and Windows. $350 plus shipping.

Atom Age Random Number Generator, generates random numbers via quantum mechanical randomness [diode noise].

Aware Electronics Corp. This company makes Geiger counters that plug into a PC. $150 - $350

Also see Cryptography.com for their review of the hardware RNG included in the Intel Pentium III and VIA microprocessors.

Software

Software is a whole other matter. In general, input bits will have to be distilled (one bit output for every N bits input) and whitened. This is best accomplished with a cryptographic hash, such as MD5, SHA1 or RIPEM. In addition, it is important that the noise source be constantly checked for proper operation. RFC1750 has some recommendations along these lines. See the information references, especially Wagner, for more details. Part of my motivation for creating this page is to inspire someone to develop an open-source hardware RNG support package for Linux and other operating systems.

Damien Miller has written a piece of software called audio-entropyd that periodically reads audio from a stereo soundcard and feeds the difference between the left and right channels into /dev/random (via SHA1). The time between reads, size of the input buffer, length of the hash and number of bits credited to the KRNG are all user configurable. See: http://www.linux.org/apps/AppId_674.html
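
The distill, whiten and check steps described above, applied to the left-minus-right channel difference, as an added Python example. It is not code from audio-entropyd or from this page; the function names, the 4-bit threshold and the use of SHA-256 in place of the hashes named above are assumptions, and the sample "capture" is constructed from a seeded pseudo-random generator purely as test input.

```python
import hashlib
import math
import random
import struct
from collections import Counter

def channel_difference(pcm: bytes) -> bytes:
    """Interleaved 16-bit little-endian stereo -> low byte of (left - right)."""
    usable = len(pcm) - len(pcm) % 4          # drop a trailing partial frame
    return bytes((l - r) & 0xFF for l, r in struct.iter_unpack("<hh", pcm[:usable]))

def min_entropy_per_byte(data: bytes) -> float:
    """Most-common-value estimate, -log2(p_max); optimistic if samples correlate."""
    p_max = Counter(data).most_common(1)[0][1] / len(data)
    return -math.log2(p_max)

def distill(pcm: bytes, n: int = 8, min_bits: float = 4.0) -> bytes:
    """Emit one hashed output bit for every n input bits, or refuse to emit."""
    diff = channel_difference(pcm)
    block = 32 * n                            # SHA-256 output is 32 bytes
    if len(diff) < 4 * block:
        raise ValueError("capture too short to judge the source")
    if min_entropy_per_byte(diff) < min_bits: # health check on every capture
        raise RuntimeError("noise source failed health check")
    out = bytearray()
    for i in range(0, len(diff) - block + 1, block):
        out += hashlib.sha256(diff[i:i + block]).digest()
    return bytes(out)

def constructed_capture(frames: int, mono: bool = False) -> bytes:
    """Constructed test input only: seeded PRNG standing in for recorded noise."""
    rng = random.Random(1999)
    buf = bytearray()
    for _ in range(frames):
        left = int(rng.gauss(0, 300))
        right = left if mono else int(rng.gauss(0, 300))
        buf += struct.pack("<hh", left, right)
    return bytes(buf)

if __name__ == "__main__":
    print(len(distill(constructed_capture(8192))), "bytes distilled")
    for label, pcm in (("silent input", bytes(4 * 8192)),
                       ("same signal on both channels", constructed_capture(8192, mono=True))):
        try:
            distill(pcm)
        except RuntimeError as err:
            print(label, "->", err)
```

The two rejected captures show why the check matters: an unplugged source or a mono signal wired to both channels yields a channel difference of zero, and a hash of that would still look random.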

Other sources of information on generating randomness

Randomness for crypto An excellent collection of resources assembled by David Wagner. I have duplicated some of his hardware links here, but I have not duplicated his software or informational links, including RFC-1750. A few links have 404'd.

Using and Creating Cryptographic-Quality Random Numbers A good overview by Jon Callas.

Random Electrical Noise: A Literature Survey by Terry Ritter. Lots of good information, including how to measure noise voltage.

http://www.gamingip.com is a Web page full of patents concerning gambling.

High-Entropy Symbol Generator by John S. Denker. "...harvests entropy from physical processes in the computer's audio I/O system... The entropy is calculated, not statistically estimated..." Lots of theoretical and practical detail.

Info on physical security

One security risk is that someone might switch your hardware RNG with a unit that was driven by a pseudo-random generator. The security of your cryptographic system is only as good as its physical security. Here are some interesting pages on locks and safes.

Books - Locks, Lock Picking, Safecracking, Burglar Alarms, Burglary

Guide to Lock Picking

alt.locksmithing answers to Frequently Asked Questions (FAQ)

Other interesting links

Ritter's Noise Glossary Definitions of "Noise Characterization Terms."

Ritter's Crypto Glossary "Hyperlinked definitions and discussions of many cryptographic, mathematic, logic, statistics, and electronics terms used in cipher construction and analysis."

RFC-2828 -- Internet Security Glossary "...provides abbreviations, explanations, and recommendations for use of information system security terminology. The intent is to improve the comprehensibility of writing that deals with Internet security, particularly Internet Standards documents (ISDs)."

EKMS, FIREFLY AND CRAZY 10 You think we're busting your chops by telling you to worry about where your random numbers come from? See how the pros do it.

A fun intro to the STU-III The pros also have a hard time getting people to take crypto seriously.

Ray Kopsa's Shortcut to Cryptography All the links you need on just one page, including some on random numbers.



by Arnold Reinhold Please send comments.

Originally posted 1999-8-17 rev. 1999-9-22, 2000-4-13, 2000-6-8, 2000-8-23, 2000-11-16, 2001-1-11, 2001-10-1, 2002-6-3, 2002-12-29, 2003-1-6, 2003-4-11, 2005-4-22