[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: One-Time-Pad generation from audio device



On Mon, 2 Oct 1995, Yih-Chun Hu wrote:

> I wouldn't bet on it. I did a similar hack with perl, with a much more
> conservative 5 seconds to 32 bytes. That didn't cut it, when I ent'ed the
> result it gave 6 bits of entropy / 8 bits of output.

How did you measure the entropy of the output ?

> Um.. I would try to generate bits quickly, then securely, so for example
> you get a 2k buffer and do it 5 sec / 128 bits. Then slow down and overwrite
> the buffer and give warnings if the user wants to use the bits too early.

Ah, well the idea is that they can just generate a OTP when they have a 
few spare hours, not that they'd be generating it in real-time. The 
Privtool code does use realtime generation of random numbers, but it has 
a lot of input data other than the audio (e.g. mouse movements, MD5 
hashes, etc).

		Mark