Re: entropykey: why did nobody ever mention this thing before?
Richard Jones <rich <at> annexia.org>
2010-08-02 09:32:19 GMT
On Mon, Aug 02, 2010 at 12:23:11AM +0100, Nix wrote:
> I just bought an Entropy Key (from <http://www.entropykey.co.uk/>. Why
> did nobody mention the existence of this thing before? Why is nobody
> shouting about it from the rooftops? It's very rare I find a device that
> plainly does everything *right*, with interface software I can't
> complain about at all (free software, nice coding style, very good
> documentation for both the hardware and software, easy network
> export/import of entropy, flexible enough to do everything I can imagine
> and easy to extend thanks to using a Lua-based inner loop, you name it).
> The hardware design appears to be pleasantly paranoid, and the device
> itself is plainly not made out of thin tinfoil as some of these things
> are (dropping it on the floor isn't going to smash it).
Fantastically overengineered (a reverse-biased junction with an ARM
processor?) yet very cheap.
However I'm suspicious that the numbers are really going to be random.
Back when I was a hardware engineer we actually tried to build a
theoretically perfect random number generator using a reverse-biased
zener diode sampled at a fixed rate by an ADC (similar in design to
how they describe the entropykey). The diode bounces off and on "at
random", but at quite a low average frequency. The clock rate that
you have to sample at must be some large multiple of this frequency in
order to reduce correlation with the frequency of the diode (IIRC the
clock rate finally chosen wasn't very much, 2 Hz or something, so you
end up with 2 random bits per second). Then there's the question of
whether the diode is bouncing up and down with some external factor:
power supply? environmental radio sources?