[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Random Hiss from Mac mike

I've been looking at using the Mac's Sound Input Manager for hardware RNG.
The advantage of it is that (1) most macs have a microphone port these
days, (2) it doesn't involve any user interaction, (3) the API is easy.

What I don't know, is how secure it is.  Or more precisely, I don't know
how much entropy is contained in the signal.

In the simplest case, where the microphone is not attached, the signal
consists of  long runs of '0x80's alternating with '0x7f's.  Now, I have no
problem transforming this into uniformly distributed RN's : just hash the
buffer with MD5.

My question is, how many bytes get fed into the hash?
Obviously, enough bytes so that I have 128 bits of entropy.

Preliminary tests give me a max entropy of about .65 bits per sample byte.
That's not very much, but if I can sample at ~20 KHz, that's 1625 bytes per

That's estimated by recording the length of runs and computing the entropy over
the entire sample: i.e. the sum (for k = 1 to 120) of -(fraction of runs of
length k * log2 of that fraction). That works out to about 3.3 bits per run
with an average run of 5.1 bytes.

I suspect there's much less entropy in that signal than even this estimate,
but I don't have any way to conduct tests with pure 50 cycle power and
uniform ambient temperature.  Or whatever else biases the signal.  For all
I know, every time someone in this building starts his microwave it biases
the signal.

Does anybody have any experience/advice in this area?

Thank you VERY much!  You'll be getting a Handsome Simulfax Copy of your
OWN words in the mail soon (and My Reply).
<[email protected]> PGP Print: 0529 C9AF 613E 9E49  378E 54CD E232 DF96
   Thank you for question, exit left to Funway.