On 22/05/2019 19:32, Dennis Clarke wrote:
Good options inspired by other cryptographic libraries include:
- Number of bits of entropy passed in call (For example, a
perfectly balanced coin flipper could provide the 4 byte
values "head" or "tail" with an entropy of 1 bit).
Let's drop the coin flipper. It was an off hand remark and by now we
all know there ain't no such thing as a good coin flip for rng.
See Professor Persi Diaconis at Stanford for that :
https://www.youtube.com/watch?v=AYnJv68T3MM
Bell's theorem and kolmogorov aside get a radiation decay source as
that is really the *only* real rng that we know of.
Or that I know of. http://www.fourmilab.ch/hotbits/hardware.html
The coin flipper, even if theoretically problematic, is the standard
statistical example used to describe a 1-bit-at-a-time hardware RNG.
It includes a nice conceptual model to discuss hardware bias (using
Shannon's entropy formula etc.). Actual 1-bit sources include the
classic semiconductor shot noise fed to a comparator and some primitive
implementations of radioactive RNGs.
Also, radioactive sources are an unacceptable danger in many of the
embedded and portable applications most likely to lack floating point
support.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded