Re: Random Data from Geiger Counter


Bill Stewart (bill.stewart@pobox.com)
Mon, 13 Jul 1998 18:44:41 -0700


>>My big question is this: are there tools for taking a set of random
>>numbers dispersed according to a non-uniform distribution, like a
>>poisson or normal distribution, and turning them into a set of random
>>numbers over a uniform distribution? Given such tools, timing
>>intervals between the geiger counter ticks is probably safe --
>>otherwise, it may skew the results subtly.
>
>What do you see as the problems with:
> 1. Hash the data

This doesn't improve the entropy, almost by definition -
it just hides the lack of entropy, and smears it around.
I agree with you that "adjusting" the data is risky -
if done wrong it can mess up the data, and even if done right it
still can't really improve it either, but as long as you're not
losing much precision in your calculations, it can make the
cooked data a bit safer to use.

The precision you lose is normally in the low-order bits,
which can theoretically have the most entropy,
but which are also most susceptible to hidden patterns,
like granularity in clock ticks or D/A conversions -
if you're going to play games with hashing or pools,
it can make sense to keep both parts, e.g.
        Hash( raw_data, whitened_data )

>What do you see as the problems with:
> 1. Hash the data
> 2. Encrypt the data in CBC mode with the hash as key
>If the hash and cipher are both strong, this should be good.

I don't trust the latter step - you're using the encryption
as a hash function, which it wasn't designed for,
rather than using a hash function that _was_ designed for hashing.
If you don't trust the hash function you're using, do something like
        Hash2(Hash1(data)) or
        Hash2( Hash1(data), data ) or
        Hash2( Hash1(raw_data, cooked_data, salt), salt)
or find a hash function you do trust.

Salting your hash functions can be valuable if you're in
an environment where some of your seed data comes from an
eavesdroppable source - at least the eavesdropper can't tell
how you're using the public data.

                                Thanks!
                                        Bill
Bill Stewart, bill.stewart@pobox.com
PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
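An added worked example (not code from this message or from anyone in the thread) of the combining step Bill sketches, Hash2( Hash1(raw_data, cooked_data, salt), salt ), applied to simulated Geiger-counter tick intervals. Everything here is an assumption for illustration: the intervals are constructed with a seeded pseudo-random generator rather than read from hardware, the "whitening" is one possible adjustment (the exponential CDF transform, which turns Poisson inter-arrival times into approximately uniform values), both Hash1 and Hash2 are instantiated as SHA-256, and all function names are hypothetical. The min-entropy estimator is included so the effect of cooking the data can be measured rather than guessed.

```python
import hashlib
import math
import random
import struct


def simulate_geiger_intervals(n, rate_hz, clock_hz, seed=1998):
    """Constructed sample data: n inter-tick intervals of a Poisson process
    with mean rate rate_hz, measured by a clock of resolution clock_hz.
    A real detector would supply these; here they are simulated."""
    rng = random.Random(seed)
    # Rounding to whole clock ticks is the "granularity in clock ticks" that
    # leaves hidden structure in the low-order bits of the raw values.
    return [max(1, int(round(rng.expovariate(rate_hz) * clock_hz)))
            for _ in range(n)]


def raw_bytes(intervals):
    """The raw_data term: each interval as a big-endian 32-bit tick count."""
    return b"".join(struct.pack(">I", t) for t in intervals)


def whiten_intervals(intervals, rate_hz, clock_hz):
    """The whitened_data term (an assumed method, not one from the message).
    For exponential intervals with rate r, U = 1 - exp(-r*t) is uniform on
    [0, 1); each U is kept as one byte.  Because t is quantized, U is only
    approximately uniform: the precision loss the message warns about."""
    out = bytearray()
    for ticks in intervals:
        u = 1.0 - math.exp(-rate_hz * (ticks / clock_hz))
        out.append(min(int(u * 256), 255))
    return bytes(out)


def min_entropy_bits(data):
    """Conservative per-byte estimate: -log2 of the most frequent byte's
    relative frequency.  Lets you check that cooking does not *create*
    entropy; it can only redistribute what the raw samples carry."""
    if not data:
        return 0.0
    counts = {}
    for b in data:
        counts[b] = counts.get(b, 0) + 1
    return -math.log2(max(counts.values()) / len(data))


def _length_prefixed(field):
    # Prefix every field with its length so (raw, cooked, salt) cannot be
    # re-split ambiguously once concatenated into the hash input.
    return struct.pack(">I", len(field)) + field


def combined_seed(raw, cooked, salt):
    """Hash2( Hash1(raw_data, cooked_data, salt), salt ) from the message,
    with both hashes instantiated as SHA-256 (an assumption)."""
    inner = hashlib.sha256(
        _length_prefixed(raw) + _length_prefixed(cooked) + _length_prefixed(salt)
    ).digest()
    return hashlib.sha256(_length_prefixed(inner) + _length_prefixed(salt)).digest()


if __name__ == "__main__":
    rate, clock = 100.0, 10_000.0
    ticks = simulate_geiger_intervals(4096, rate, clock)
    raw = raw_bytes(ticks)
    cooked = whiten_intervals(ticks, rate, clock)
    salt = b"constructed-public-salt"  # assumed to be observable by an eavesdropper
    low_order = bytes(t & 0xFF for t in ticks)
    print("min-entropy/byte, low-order byte of raw ticks:", round(min_entropy_bits(low_order), 2))
    print("min-entropy/byte, whitened bytes:             ", round(min_entropy_bits(cooked), 2))
    print("seed:", combined_seed(raw, cooked, salt).hex())
```

Keeping both raw and whitened terms in the hash input means a mistake in the whitening step (a wrong rate estimate, say) cannot discard entropy that the raw samples still carry, while the whitened term makes the per-byte distribution closer to uniform for anything that consumes the cooked stream directly. The printed min-entropy figures are estimates over a finite sample and say nothing about correlations between successive bytes; they are a sanity check, not a proof that the output is full-entropy.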



The following archive was created by hippie-mail 7.98617-22 on Fri Aug 21 1998 - 17:20:21 ADT