Re: Random Data from Geiger Counter

Ben Laurie (ben@algroup.co.uk)
Mon, 06 Jul 1998 21:45:27 +0100

• Next message: Perry E. Metzger: "Re: Random Data from Geiger Counter"
• Previous message: William H. Geiger III: "Re: Random Data from Geiger Counter"
• In reply to: Ben Laurie: "Re: Random Data from Geiger Counter"
• Next in thread: Perry E. Metzger: "Re: Random Data from Geiger Counter"

William H. Geiger III wrote:
>
> -----BEGIN PGP SIGNED MESSAGE-----
>
> In <35A12436.90537B7B@algroup.co.uk>, on 07/06/98
> at 08:23 PM, Ben Laurie <ben@algroup.co.uk> said:
>
> >Perry E. Metzger wrote:
> >>
> >> "William H. Geiger III" writes:
> >> > I am looking at information on pulling random data from a Geiger counter
> >> > for use in crypto aplications.
> >> >
> >> > I plan on using a RM-60 from Aware Electronics:
> >> >
> >> > http://www.aw-el.com/index.htm
> >>
> >> John Walker has a cool page on a similar gadget he built and wrote
> >> software for. Check out
> >>
> >> http://www.fourmilab.ch/hotbits/
>
> >Seems to me like he's being very conservative about the entropy of the
> >data source - 1 bit for two (detected) decays. Surely we can get a bit
> >(or two) more out of it than that?
>
> I though it said that he was using 3 hits/bit?

Sorry, brain went on strike momentarily. Yes, 3 hits per bit. Though you
could amortize them (if that's the right word in these circs) to get ~1
hit per bit, of course.

While we're talking about it, although inverting every second bit may
eliminate systematic bias (if it happens to fit the 3 hits/bit system,
of course - if it happens to every second hit it may reinforce it :-), I
don't really buy it as a value add. OTOH, I can't fault it (other than
its lack of effect): XORing with any fixed stream of bits can hardly
hurt a random stream.

> Anyway this is why I am looking for information on this. I have done a
> couple of searches on the web but have not found any detailed study on
> using a Geiger-Muler Detector as a random source for crypto programs.

Well, it seems to me that the standard deviation of the interval between
hits should be predictable (a fixed fraction of the mean interval -
anyone remember enough stats to know what that fraction is?) and from
that and the timer resolution you can guesstimate a reasonable number of
bits to allow per hit, which can simply be derived from the timing of
the particular hit minus the mean.

Hmmm ... I can see that this train of thought is going to lead to
someone demanding that I back it up with some maths, so perhaps I'd
better shut up.

Cheers,

Ben.

-- 
Ben Laurie            |Phone: +44 (181) 735 0686| Apache Group member
Freelance Consultant  |Fax:   +44 (181) 735 0689|http://www.apache.org/
and Technical Director|Email: ben@algroup.co.uk |
A.L. Digital Ltd,     |Apache-SSL author     http://www.apache-ssl.org/
London, England.      |"Apache: TDG" http://www.ora.com/catalog/apache/
WE'RE RECRUITING! http://www.aldigital.co.uk/recruit/

• Next message: Perry E. Metzger: "Re: Random Data from Geiger Counter"
• Previous message: William H. Geiger III: "Re: Random Data from Geiger Counter"
• In reply to: Ben Laurie: "Re: Random Data from Geiger Counter"
• Next in thread: Perry E. Metzger: "Re: Random Data from Geiger Counter"