|
Use CCD noise to make the random number generator uncrackable
Random number generators are generally crackable, and some versions of the Debian openssl implementation (used in maemo) is known to be weak (ref http://talk.maemo.org/showthread.php?t=20077)
The solution is to use noise from the CCD as a random number generator. The n800 CCD is quite noisey (when the camera is not ejected, the black screen shows copious random noise). It's also more convenient than asking the user to doodle and press random buttons. |
Re: Use CCD noise to make the random number generator uncrackable
or you could use some component of the cell reception?
If you want to use the camera you've got to engage it, etc, which could be a pain. certainly the front camera would be best as you don't have to open the lens. Or can use the battery power remaining * time or loads of things - it has loads of sensors (motion, bluetooth, ir, gps...) |
Re: Use CCD noise to make the random number generator uncrackable
What's wrong with /dev/hwrng?
|
Re: Use CCD noise to make the random number generator uncrackable
khrm. who says ccd noise is random?
(it is partly but not completely) |
Re: Use CCD noise to make the random number generator uncrackable
Quote:
dd if=/dev/hwrng of=dump In visually examining the hex, I noticed a heck of a lot of 16's. To see if I was hallucinating, I ran this on the file: for x in {0..9}; do od ./dump | grep -c ${x}6; done 11926 11238 7535 7351 7562 7352 6880 7419 0 0 Doesn't look like a very even distribution to me. Not a single 86 or 96 appeared in the sample. I also noticed this bug report on it: https://dev.laptop.org/ticket/8089 |
Re: Use CCD noise to make the random number generator uncrackable
Quote:
Wired did an article on this ~5-8 years ago, iirc. What would you consider to be a more random source available on the nit? |
Re: Use CCD noise to make the random number generator uncrackable
Except that CCD noise isn't random at all, and very much retraceable.
This is especially true for high usage of a CCD sensor. If you have an old camera, and notice "hotspots" (red, green or whatever), then you will understand it quite a bit. What happens is that when the sensor is being used quite a bit, it heats up, and the photosensitive cells react to this heat. Most dSLRs and prosumer P&S cameras include a "noise cancelling" feature for long exposure (any exposure of more than 1/250 of a second), where the shutter is closed, and the sensor is "snapping a picture" of blackness. The hotspots will show up, and then you can run an algorithm to remove the hotspots from the black-box picture in the actual picture. Based on this (quite common knowledge amongst photographers), I would say that this method isn't much more secure than using the CPU's temperature as a seed to initiate the random number generator. That, or the nanotime, or whatever is available on the platform. |
Re: Use CCD noise to make the random number generator uncrackable
Quote:
Code:
$ ent hwrngdumpQuote:
Quote:
|
Re: Use CCD noise to make the random number generator uncrackable
Quote:
The non-random part consists of biases of single transistors and such. The random part consists of real physical random things (e.g. the exact amount of photons that happened to hit this cell during the observation). The trick is to find which part is random and which is not. Counter-thesis: If the noise was completely non-random, it could be exactly determined, and thus completely removed from the result image. |
Re: Use CCD noise to make the random number generator uncrackable
Quote:
Quote:
|
| All times are GMT. The time now is 03:53. |
vBulletin® Version 3.8.8