[cryptography] urandom vs random

Peter Gutmann pgut001 at cs.auckland.ac.nz
Mon Aug 19 21:00:50 EDT 2013


Sandy Harris <sandyinchina at gmail.com> writes:

>A sound device is available on many server boards and often unused, or you
>can add one in a slot or USB on others,

A friend of mine looked at this a while back using the pretty simple technique
of drawing a scatter plot from the samples.  The output of most disconnected
audio inputs is a long, long way from random, and in particular if they mute
on lack of input or have at least a modicum of noise filtering, you just get a
run of zeroes.

>Yes, & there is software to turn a sound device into one:
>http://www.av8n.com/turbid/paper/turbid.htm

Huge amounts of theory, no actual measurement of what you're getting from the
raw data as far as I can see.  The very, very brief "Actual Measurement
Results" involved running Maurer's test on the hashed output of the generator.

Sound cards are useful as a general "mix in it regardless because it can't
hurt" source, but you'd never want to use them as your single point of failure
source.

Peter.


More information about the cryptography mailing list