[cryptography] urandom vs random

William Yager will.yager at gmail.com
Mon Aug 19 21:20:19 EDT 2013


On Aug 19, 2013, at 7:46 PM, Peter Gutmann <pgut001 at cs.auckland.ac.nz> wrote:

> You can get them for as little as $50 in the form of USB-key media players
> running Android.  Or if you really insist on doing the whole thing yourself,
> get something like an EA-XPR-003 ($29 in single-unit quantities from Digikey,
> http://www.digikey.com/product-detail/en/EA-XPR-003/EA-XPR-003-ND/2410099) and
> solder on a zener diode and a few I2C environmental sensors for
> noise/unpredictability generation.
> Peter.

If someone is interested in building something like this, you may want to start with this simple project I posted on Github a while back. https://github.com/wyager/TeensyRNG

It's a simple, but (I think) pretty secure hardware PRNG that takes environmental noise and securely mixes it into an internal entropy pool. It does a few nice things like input debiasing, cryptographic mixing, etc. With a few small changes you could slap it on pretty much any microcontroller or SoC and get a pretty decent entropy stick. I used the $19 teensy and it generates about 100 bytes/sec of what is probably pretty good pseudorandom data. No guarantees, of course. I probably made some fatal mistake that would render it useless in certain contexts, but like I said, it's a place to start.

Will
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 495 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.randombit.net/pipermail/cryptography/attachments/20130819/cc910e4f/attachment.asc>


More information about the cryptography mailing list