[cryptography] urandom vs random

grarpamp grarpamp at gmail.com
Thu Aug 22 01:38:41 EDT 2013


On Wed, Aug 21, 2013 at 6:44 PM, Aaron Toponce <aaron.toponce at gmail.com>
> which in order to be truly random, must come from some chaotic random
> source, such as radioactive decay. However, you can make statistical
> judgements on the output

> to determine if the source is 'random enough'.

Perhaps not quite, as others have said re: sha256 over a simple counter.
Though I should have initially said 'assuming you have a true random source,
what then to test your further implementation from that'. Or even to catch
gross errors in your implementation of the trueness you get from your
local smoke detector demolition haul in your city, radio noise, etc.

note: the hotbits seems to use an off the shelf closed detector with a
check source. As opposed to opensource detector with check
(or smoke) source. The hobbyist (having first studied safety of course)
would wish to create their own ionization detector, rather than use off the
shelf boxes.

> The trick
> is sampling for a long period of time, rather than a few minutes here and

Agree with this, even up to the order of how long you may need to
repudiate a transaction.


More information about the cryptography mailing list