[cryptography] urandom vs random

Peter Gutmann pgut001 at cs.auckland.ac.nz
Mon Aug 19 21:00:50 EDT 2013

Sandy Harris <sandyinchina at gmail.com> writes:

>A sound device is available on many server boards and often unused, or you
>can add one in a slot or USB on others,

A friend of mine looked at this a while back using the pretty simple technique
of drawing a scatter plot from the samples.  The output of most disconnected
audio inputs is a long, long way from random, and in particular if they mute
on lack of input or have at least a modicum of noise filtering, you just get a
run of zeroes.

>Yes, & there is software to turn a sound device into one:

Huge amounts of theory, no actual measurement of what you're getting from the
raw data as far as I can see.  The very, very brief "Actual Measurement
Results" involved running Maurer's test on the hashed output of the generator.

Sound cards are useful as a general "mix in it regardless because it can't
hurt" source, but you'd never want to use them as your single point of failure


More information about the cryptography mailing list