Subject: Re: CVS commit: syssrc/sys/dev/ic
To: Bill Studenmund <>
From: Perry E. Metzger <>
List: tech-kern
Date: 11/08/2001 17:32:50

Bill Studenmund <> writes:
> > I seem to remember some studies that claim audio noise (with and
> > without a microphone) as being a bad way to gather entropy.
> Those studies would be interesting to see.

I don't recall any such studies. If you turn up the gain all the way
and have no input, some of what you get is absolutely thermal
noise. If you're careful not to distill off more than that many bits a
time period you're absolutely fine.

If anyone has seen such a study I'd love to see it.

> I think Perry's point (well the point I understand in this) is that
> hackers can generate traffic patterns and thus push on the entropy to a
> much greater degree than they can push on what the microphone jack picks
> up.

There might be ways by directing RF at a system to influence a
microphone-based input, but again, thermal noise is a necessary
component and so long as it is present, the adversary can't influence
OR GUESS those bits. Given that, and given both the strong avalanche
criterion and a compression function with that property (such as one
based on a cryptographic hash), the output won't be predictable.

Contrast this with an ethernet port. Even if I can just narrow the
timing information to fifteen million possible values from a far
vaster array of possibilities, you can brute force try lots of them,
especially if you're in a position to do an adaptive attack. It is a
very different sort of situation. Although you don't know all the
bits, potentially you could guess them.

Now, my expectation is that this attack is impractical and that we
have enough impediments, but I'm fallible and so are all of us. The
way to play the game in this sort of thing is to close off anything
you've got doubts about, not to only get rid of what you know to be

Perry E. Metzger
NetBSD Development, Support & CDs.
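
The following is an added example, not part of the original message or of NetBSD's code. It contrasts the two cases discussed above: input narrowed to a small set of timing values stays recoverable by enumeration even after a cryptographic hash, while distilling no more bits than the noise source is credited with does not. The function names, the scaled-down search space, and `os.urandom` standing in for thermal-noise samples are assumptions.

```python
import hashlib
import math
import os

TIMING_SPACE = 15_000_000  # figure from the message: candidate timing values
DEMO_SPACE = 50_000        # constructed, scaled down so the search runs quickly

def guess_bits(candidates: int) -> float:
    """Work, in bits, for an adversary who enumerates `candidates` inputs."""
    return math.log2(candidates)

def distill(raw: bytes, credited_bits: int, want_bits: int) -> bytes:
    """Compress raw samples with SHA-256, never emitting more bits than credited."""
    if want_bits > min(credited_bits, 256):
        raise ValueError("requested more bits than the input is credited with")
    return hashlib.sha256(raw).digest()[: (want_bits + 7) // 8]

def recover_timing(output: bytes, space: int):
    """Enumerate every candidate timing value; return the one reproducing output."""
    for t in range(space):
        if hashlib.sha256(t.to_bytes(4, "big")).digest()[: len(output)] == output:
            return t
    return None

def demo():
    # Over-credited source: one timing value from a small space, credited 128 bits.
    secret_t = 31_337  # constructed sample value
    weak = distill(secret_t.to_bytes(4, "big"), credited_bits=128, want_bits=128)
    found = recover_timing(weak, DEMO_SPACE)  # the hash does not hide a guessable input
    # Conservatively credited source: 512 raw bits, only 128 credited and distilled.
    noise = os.urandom(64)  # assumption: stand-in for thermal-noise samples
    strong = distill(noise, credited_bits=128, want_bits=128)
    return found, len(strong)

if __name__ == "__main__":
    print(f"{TIMING_SPACE} candidates = {guess_bits(TIMING_SPACE):.1f} bits")
    print(demo())
```

The hash is the same in both cases; what differs is how many unguessable bits went in, which is why the credit given to each source has to be conservative.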