
SoylentNews is people

posted by martyb on Friday November 13 2015, @01:24PM
from the entropy-FTW dept.

Want a FIPS 140-2 RNG? Look at the universe. The cosmic background radiation bathes Earth in enough random numbers to encrypt everything forever. Using the cosmic background radiation – the "echo of the Big Bang" – as a random number generator isn't a new idea, but a couple of scientists have run the slide-rule over measurements of the CMB power spectrum and reckon it offers a random number space big enough to beat any current computer.

Not in terms of protecting messages against any current decryption possibility: the CMB's power spectrum offers a key space "too large for the encryption/decryption capacities of present computer systems". A straightforward terrestrial radio telescope, this Arxiv paper states, should be good enough to make "astrophysical entropy sources accessible on comparatively modest budgets".

http://www.theregister.co.uk/2015/11/12/big_bang_left_us_with_a_perfect_random_number_generator/


  • (Score: 0) by Anonymous Coward on Friday November 13 2015, @02:15PM

    by Anonymous Coward on Friday November 13 2015, @02:15PM (#262639)

    So, I am not a cryptographer nor a physicist, but it occurs to me that the radiation is pretty much an
    energy wave akin to a wireless network's. Based on that, using all the bytes obtained from the radiation
    as a key makes it possible to capture it as it is "generated". I am curious, from a statistical point of view,
    what is the probability of collisions.

    Even considering an out-of-order capture due to positioning, the bytes of the key would still be known.

    Also an RNG is not a one-time pad, it would be used as a key for a cipher, which can be attacked. In other words,
    you can't _decrypt_ an RNG.

    As always, the evil lies in the details and this comment may be completely off track.

  • (Score: 2) by jdavidb on Friday November 13 2015, @02:19PM

    by jdavidb (5690) on Friday November 13 2015, @02:19PM (#262642) Homepage Journal

    I think the answer to that is that the field varies across three dimensions (probably more), so two different observers capturing random numbers from it in two different locations would get different numbers.

    But I am way, way out of my field of expertise here, so I could be totally wrong.

    --
    ⓋⒶ☮✝🕊 Secession is the right of all sentient beings
    • (Score: 2) by JoeMerchant on Friday November 13 2015, @02:32PM

      by JoeMerchant (3937) on Friday November 13 2015, @02:32PM (#262652)

      Using a picosecond clock timing when you log in in the mornings gives a hard-to-guess random number: assume a normal distribution with 100 seconds standard deviation, your clock reading will be more or less random in a range of values on the order of 10^14, even if you are ridiculously punctual with 1 second SD, that's still 10^12.

      The key with using background radiation as your key is to collect it with sufficient resolution over a sufficient period such that any attacker (with a similar telescope pointed at a similar region of sky) would not get the same pattern to some level of confidence. Variations in location of antenna, variations in pointing angles, aperture, atmospheric interference, etc. will play into it. It's sort of like anti-science, an experiment that is provably hard to reproduce.

      --
      🌻🌻 [google.com]
      • (Score: 1, Interesting) by Anonymous Coward on Friday November 13 2015, @02:38PM

        by Anonymous Coward on Friday November 13 2015, @02:38PM (#262656)

        "It's sort of like anti-science, an experiment that is provably hard to reproduce."

        You want the non-reproducibility to be reproducible.

      • (Score: 1) by zoefff on Friday November 13 2015, @03:14PM

        by zoefff (5470) on Friday November 13 2015, @03:14PM (#262677)

        Just to imagine another attack vector: What if you shine with a laser into the telescope, wouldn't that make things more predictable?

        • (Score: 0) by Anonymous Coward on Friday November 13 2015, @05:21PM

          by Anonymous Coward on Friday November 13 2015, @05:21PM (#262753)

          The CMB is not measured at those wavelengths.

      • (Score: 1) by SunTzuWarmaster on Friday November 13 2015, @05:52PM

        by SunTzuWarmaster (3971) on Friday November 13 2015, @05:52PM (#262772)

        You are correct in thinking that these numbers are essentially random and that a pico-second clock would be a way around it. However, someone on the other side of the world would be able to adjust *their* pico-second clock until their numbers matched up with yours. Then, presumably, they would win at blackjack, take all your casino money, read all your E-mails, launch the nukes, mix the darks and the lights, and spoil the milk.

        PS - obviously using these numbers as an encoding base doesn't work for the same reason, adding some "not random" number doesn't work for crypto reasons, etc.

        • (Score: 2) by JoeMerchant on Friday November 13 2015, @10:06PM

          by JoeMerchant (3937) on Friday November 13 2015, @10:06PM (#262853)

          Not sure we're on the same page: to get a seed for your crypto PRNG for the day, feed it the ps clock value at the time you log in, nobody will measure the time of your login better than 1/100 second, even if they have a high resolution video feed that shows when you hit the enter key (and have managed to sync your ps clock to their camera feed) - and then, they've still got 10^10 codes to try to match up to whatever the visible outputs of your crypto PRNG are that day. Prevent people from seeing you hit the Enter key on video and you up your security by an order of magnitude.

          Of course, if they've already crawled that deep into your system, they probably have keyloggers running on you that will make the rest of the security irrelevant.

          --
          🌻🌻 [google.com]
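
An added worked estimate, not part of any comment above: it expresses the thread's login-time figures in bits (min-entropy of a normally distributed timestamp read at picosecond resolution, and the 1/100 second observation window), then shows on a constructed, scaled-down window why a seed with little remaining uncertainty can be matched against PRNG output. The 10^9 guesses per second rate, the toy window and seed, and Python's `random` (a stand-in, not a cryptographic PRNG) are assumptions.

```python
import math
import random

def gaussian_min_entropy_bits(sigma_s, resolution_s):
    """Min-entropy of a normally distributed timestamp quantized to resolution_s.
    Based on the probability of the single most likely clock tick (at the mean)."""
    p_max = math.erf(resolution_s / (2 * sigma_s * math.sqrt(2)))
    return -math.log2(p_max)

def window_bits(window_s, resolution_s):
    """Bits of uncertainty left once an observer pins the event to a window."""
    return math.log2(window_s / resolution_s)

def seconds_to_enumerate(bits, guesses_per_s):
    """Time to walk the whole candidate space at an assumed guess rate."""
    return 2 ** bits / guesses_per_s

def recover_seed(observed, lo, hi, n_outputs=4):
    """Scaled-down search: find the seed in [lo, hi) whose output stream matches."""
    for seed in range(lo, hi):
        rng = random.Random(seed)
        if [rng.getrandbits(32) for _ in range(n_outputs)] == observed:
            return seed
    return None

def demo():
    ps = 1e-12  # picosecond clock resolution, as in the thread
    results = {
        "sd_100s_bits": gaussian_min_entropy_bits(100, ps),
        "sd_1s_bits": gaussian_min_entropy_bits(1, ps),
        "window_10ms_bits": window_bits(0.01, ps),
    }
    # Assumed rate of 1e9 candidate seeds tested per second.
    results["enumerate_s"] = seconds_to_enumerate(results["window_10ms_bits"], 1e9)
    # Constructed toy values: a "login tick" hidden in a 2**16-tick window.
    lo, secret = 1_000_000, 1_000_000 + 41_337
    rng = random.Random(secret)
    observed = [rng.getrandbits(32) for _ in range(4)]
    results["secret"] = secret
    results["recovered"] = recover_seed(observed, lo, lo + 2 ** 16)
    return results

if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

For comparison, a seed drawn from the operating system's CSPRNG (for example `secrets.token_bytes(32)`) carries 256 bits, against roughly 33 to 48 bits for the timestamp cases computed here.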