5

I have to build an One Time Pad system and for that, I have to build my own TRNG. I want to know how to make record atmospheric noise and use that to generate random numbers. I've tried so far to record a .wav file and read it in Java, but the values don't seem very...random. Any suggestions? I know about Random.org, but I can't really use their generators, I have to build my own, so what I want is some insight into how the folks at Random.org have built their numbers generator, with atmospheric noise as a source of 'randomness'.

ROMANIA_engineer
  • 54,432
  • 29
  • 203
  • 199
joanna
  • 743
  • 3
  • 13
  • 27
  • just out of curiousity, do you have physical device to capture the atmospheric noise? – yosukesabai Nov 03 '11 at 07:46
  • I've used Audacity sound editor to record a sample, I thought a simple mic is enough.. – joanna Nov 03 '11 at 07:47
  • if i look at wiki [http://en.wikipedia.org/wiki/Atmospheric_noise](http://en.wikipedia.org/wiki/Atmospheric_noise), it is talking about radio wave... are you sure the sound is supposed to be random? – yosukesabai Nov 03 '11 at 07:55
  • "Atmospheric noise and variation is also used to generate high quality random numbers"...it's so hard to predict, that it's considered random, and that's why physical phenomenons are used for TRNGs. What I need to know is how to record this sound and transform it into numbers...Hardware isn't really my thing.. – joanna Nov 03 '11 at 08:18

6 Answers6

5

Non Real-time solution

What you can do is record the audio surrounding the room before in and save a temporary WAV file. If you know how the WAV file works which is based on the RIFF specification. Then strip the WAV header which is 44 bytes in length. Then read the audio bytes and do the proper conversions depending on whether you want to generate WORDS, DWORDS, or BYTES, it is up to you. Then you should have some random values to work with. Then use those random values accordingly.

Real-time solution

Since I do not know whether you want to program this in Java or some other language. In addition, I do not know the intended platform; so I cannot recommend you any realtime audio processing libraries.

For C# you can use NAudio and you can record the audio in realtime and recieve the audio bytes. Then you can convert the audio bytes into either a DWORD, QWORD, WORD, etc. You should be able to have some random values. Remember to stop recording and to release unmanaged resources when generating random numbers has ceased.

Good Resources On The WAV File Specification

The WAV File Structure

Link to the specification (Easy to understand)

Daniel Lopez
  • 1,728
  • 3
  • 24
  • 40
3

The answer is unknown and probably intentionally so. Although hard to be sure, the site seems to be a combination of charity and for-profit work. Each radio source only produces a few Kbps of random data. How he describes it in many links, I don't see evidence of a CSRNG. It doesn't matter. For OTP purposes, if it's not truly random, it's a glorified stream cipher. (I think that's what Bruce and others have always said.)

I find it hard to recall when a good CSRNG was broken. I'd recommend you use something like ISAAC or a properly implemented block/stream cipher. Perfect Paper Passwords does this. Use a Fortuna construction with the internals of Fortuna using the above ciphers/algorithms to produce the majority of the random data. The Fortuna system can regularly have data injected into it by a TRNG. The very best TRNG on a budget is random.org plus locally generated stuff. The best cheap, hardware solution is a VIA Artigo board with VIA Padlock (TRNG + acceleration for SHA-1, SHA256, AES, & RSA) for $300. They have libraries to help you use things, too. (There's even a pseudo-TRNG that uses processor timing under network load.)

Remember, the crypto is usually the strongest link in the chain. System security exists on many levels: processor, firmware, peripheral firmware (esp DMA), kernel mode code, OS, trusted middleware or OS functions, application. Security as a whole includes users, policy, physical security, EMSEC, etc. Anyone worrying way too much about RNG's is usually wasting effort. Just use an accepted solution or something I mentioned above. Then, focus on the rest. Especially, how people and systems interact. Configuration, patching, choice of OS, policies. Most problems happen there.

slippery
  • 447
  • 3
  • 5
  • 15
Nick P
  • 31
  • 2
  • Also, ignore MBober's comment that pseudo-random number generators are OK for OTP. That defeats the whole purpose of OTP and Shannon's proof that they're information-theoretically secure. The PRNG's aren't unpredictable or resistant to cryptanalysis. That's why cryptographers invented CSRNG's, TRNG's and symmetric ciphers. If PRNG's were enough, I'd be using Xorshift-128... modified for CUDA! Why OTP are a bad choice: http://www.schneier.com/crypto-gram-0210.html#7 – Nick P Apr 15 '12 at 03:33
2

I recall an article on random.org that I can't seem to find now. I all remember is that they used the lsb of the noise they were measuring. The MSBs will certainly not be random. Then then generated a string of 1s and 0's based on the lsb. Don't do something silly like a simple binary conversion, that won't work. You maybe have to sample the noise in binary, to make the distribution of the lsb have a more uniform sampling.

The trick they used to ensure an even distribution was to not use this string of 1's and 0's as the random numbers. Instead they would parse the string, 2 bits at a time. Every time the bits matched (ie 00 or 11) they added a 1 to their random string. Every times the bits flipped (ie 01 or 10) they added a 0 to their random string.

If you make your own TRNG, make sure you verify it!

Miebster
  • 2,365
  • 4
  • 21
  • 27
0

The atmospheric noise approach to generating random numbers is complex because the atmosphere is filled with non-random signals, all of which pollute the entropy you seek. There is an easier way.

Chances are good your CPU already contains a true random number generator, assuming you have an Intel Ivy Bridge-based Core/Xeon processor, which became available in April, 2012. (The new Haswell architecture also has this feature).

Intel's random generator exploits the random effects of thermal noise inside an unstable digital circuit. Thermal noise is just random atomic vibrations, which is pretty much the same underlying physical phenomenon that Random.org uses when it samples atmospheric noise. The sampled random bits go through a sophisticated conditioning and testing process to eliminate pollution from non-random signals. I highly recommend this excellent article on IEEE Spectrum which describes the process in detail.

Intel added a new x86 instruction called RDRAND that allows programs to directly retrieve these random numbers. Although Java does not yet support direct access to RDRAND, it's possible using JNI. This is the approach I took with the drnglib project. For example:

DigitalRandom random = new DigitalRandom();
System.out.println(random.nextInt());

The nextInt() method is implemented as a JNI native call that invokes RDRAND. The performance is pretty good considering the quality of randomness. Using eight threads, I've generated ~760 MB/sec of random data.

cambecc
  • 4,083
  • 1
  • 23
  • 24
  • 3
    Now you suddenly put your trust in Intel to actually implement a true random generator. Is that a wise plan in the light of the recent Snowden-related disclosures? I'd rather trust /dev/random... – cdegroot Sep 10 '13 at 19:41
  • @cdegroot: I recommend reading the comments on this post: https://plus.google.com/117091380454742934025/posts/SDcoemc9V3J. Theodore Ts'o is the maintainer of /dev/random, and David Johnston is the designer of =RDRAND=. – cambecc Sep 12 '13 at 06:20
  • To clarify, Theodore Ts'o is the maintainer of Linux's /dev/random implementation – cambecc Sep 12 '13 at 06:31
  • FreeBSD 10.0 will not use `RDRAND` in their /dev/random – ppaulojr Dec 11 '13 at 12:25
  • actually, they are still planning to use it, but will be conditioning the output and mixing it with other entropy, no? – cambecc Dec 11 '13 at 12:33
0

True random number generators (TRNGs) are usually from natural sources like seismic signals, non-stationary bio-signals, etc. The two issues faced by these generators are: 1) The data points are non-uniformly distributed 2) It takes very long time to generate large sequence of numbers (specially when the requirement is in millions). However, the most important advantage on their part is their unpredictable nature. To overcome their issues and to retain its advantage, it is better to fuse the output of TRNG to seed a pseudo-random number generator. For this, you may try using the amplitude values of atmospheric noise at random time points and use it to seed a PRNG. This will help you to get large numbers of uniformly distributed values. As the seed is unpredictable, the output of PRNG too becomes unpredictable.

user3284005
  • 591
  • 4
  • 4
0

It is hardly possible to get real random numbers out of software. Even the static in your wav file is likely to be influenced by periodic EMI generated by your computer and is therefore not purely random.

Can you use special hardware or are you forced to stick to pure software? Why won't pseudo random numbers satisfy your needs? They will do fine on a relatively small number of random samples. Because you want to use the random numbers in an OTP, I guess you won't be using it in a big scale.

Can you provide a little more detail?

MBober
  • 1,095
  • 9
  • 25
  • It's not a restriction to use pure-software, but I don't want to struggle with lots of hardware if there is a simpler solution. I just wanted to know how Random.org records and uses atmospheric noise for their generator. I've looked at PRNGs, like BlumBlumShub or the MersenneTwister, but I thought that my OTP won't be really an OTP if the numbers used for the key aren't truly random. – joanna Nov 03 '11 at 08:04
  • Well, it looks like Random.org isn't very chatty about the way they generate their numbers. Atmospheric noise might not be the best way because it might be the best way because it might be influenced by the recording equipment. The point is that pseudo-random generators will do just fine with an OTP as long as an eavesdropper cannot observe your random number generator output directly, for example with a lot of chosen plaintext attacks and as long as he doesn't know how your pseudo-random number generator works (polynomial and/or seed). – MBober Nov 03 '11 at 08:37
  • Ok, I guess I'll stick to BlumBlumShub generator. Some suggestions in chosing a random seed? The implementation I've seen in Java uses SecureRandom to get the seed and it also doesn't check that the 2 prime numbers used in the setup phase are actually prime. All in all, the implementation is not "cryptographically secure" – joanna Nov 03 '11 at 08:55
  • @joanna Why BBS? It's damn slow, and its security proof isn't that useful. – CodesInChaos Aug 07 '12 at 18:37