Why does a radio still work inside a metal box?

[meBigGuy]

I'll say it again, loudly --- A RADIO IS A TERRIBLE SOURCE FOR RANDOM NOISE (in general, and also for the reasons I stated). If you do not look at the noise source's spectrum and autocorrelation and do what ever is needed to make it clean, you are not doing your job. PERIOD! You are totally guessing, and are likely wrong in a big way.

The simple circuits I posted, the single chip digital pseudo random generator, and many more google-findable noise sources are all wiser choices, simpler, cheaper and probably outperform anything you can do with a radio.

A radio is a complex design with unintended feedback, power supply noise, many components with possibly long term correlated effects. The list goes on and on.

I really don't understand why you are so fixated on the radio and blind to the superior results of nearly any credible design.

 

[Tom_K]

I'll say it again, loudly --- A RADIO IS A TERRIBLE SOURCE FOR RANDOM NOISE (in general, and also for the reasons I stated). If you do not look at the noise source's spectrum and autocorrelation and do what ever is needed to make it clean, you are not doing your job. PERIOD! You are totally guessing, and are likely wrong in a big way.

The simple circuits I posted, the single chip digital pseudo random generator, and many more google-findable noise sources are all wiser choices, simpler, cheaper and probably outperform anything you can do with a radio.

A radio is a complex design with unintended feedback, power supply noise, many components with possibly long term correlated effects. The list goes on and on.

I really don't understand why you are so fixated on the radio and blind to the superior results of nearly any credible design.

I agree. I lost track of what the experiment was all about. Initially, I thought it was all about shielding RF, and why an AM radio signal was harder to shield than FM.

If it is only about generating random noise in the audio range, he can probably do no better than what is available here.

And everything you want to know about noise and noise measurements is here.

 

[arydberg]

The magnet experiment, and some other actions suggested by contributors:-

The tin IS magnetic, attracting a magnet well
The walls are 0.25mm thick (including paint)
The inside of the tin is unpainted

This is the tin and radio (should have posted a photo earlier )

View attachment 84698
http://argos.scene7.com/is/image/Argos/5003820_R_Z002A_UC1051961?$TMB$&wid=312&hei=312

I grounded the tin to the Earth wire from a UK mains electrical socket, and repeated the reception test. I filed off the paint where the wire touched the tin. Results:-
FM: Total static. No discernible change with /without Earth wire. No Gaga.
AM: Tinny but recognisable radio station. No, repeat no discernible change in pitch or volume with /without Earth wire. Surprised.

Tell us more about the wire that goes into the box.

 

[arydberg]

Tell us more about the wire that goes into the box.

The wire is shown in the picture you posted it looks like flat flex cable of 2 or 3 or 4 wires. Is it used for a speaker or power? it may be acting as an antenna and bringing signals into the box.

 

[Paul Uszak]

Hiss

I lost track of what the experiment was all about.

Sorry about that. Two of my questions were merged together for me at the start and thus unfortunately two threads run throughout this post (Hiss & shielding)

With respect, I'm not blind to alternative sources of entropy, and I'm quite familiar with their performance characteristics. I am committed to hardware generation, not pseudo random. I like the idea of using a radio. After all fish tanks, lava lamps and typing have been used before very successfully. One of the two popular random generation sites uses radios...

An earlier contributor suggested that the hiss was created by thermal noise in the the initial stages of the receiver. Is there any evidence to refute this claim?

 

[Paul Uszak]

Shielding

The cable is a standard PC power lead with the computer connector end cut off. It's plugged into a power socket and I've bared and trapped the Earth conductor under the tin's lid. I filed off the paint on the side of the tin to ensure a good Earth contact. The Earth pin works in the power socket. There's no speaker cable, I can just hear the sound from the radio's in built speaker.

 

[meBigGuy]

An earlier contributor suggested that the hiss was created by thermal noise in the the initial stages of the receiver. Is there any evidence to refute this claim?

There is no evidence to support that claim, especially in your specific receiver. Also, others have said that discriminator output is NOT random. (I can't speak to evidence to support that claim). There could easily be (and probably are) design dependent characteristics of the radio that have correlative effects. You need to measure and analyze the noise. To do otherwise is poor engineering.

 

[Baluncore]

An earlier contributor suggested that the hiss was created by thermal noise in the the initial stages of the receiver. Is there any evidence to refute this claim?

The noise floor is Johnson Noise. https://en.wikipedia.org/wiki/Johnson–Nyquist_noise
But if you have an antenna on the radio it will also have man made noise (QRM) and natural noise (QRN) such as lightning crashes added.

The amplitude of Johnson noise is a function of temperature and bandwidth.
What data rate in bits per second do you need from your random number generator ?

 

[arydberg]

Shielding

The cable is a standard PC power lead with the computer connector end cut off. It's plugged into a power socket and I've bared and trapped the Earth conductor under the tin's lid. I filed off the paint on the side of the tin to ensure a good Earth contact. The Earth pin works in the power socket. There's no speaker cable, I can just hear the sound from the radio's in built speaker.

Do you power the radio with the power lead? If so this is what is carrying the signal into the box. Repeat the experiment with a battery powered radio.

 

[meBigGuy]

There are all sorts of ways for non-thermal noise effects to occur in a radio-in-a-box. The RF amplifiers (least likely), the synthesizer, the mixer, the IF amplifiers, the discriminator (in FM) can all have issues. In addition to that is the likelihood (hi-probability) of low level RF signals leaking in. Maybe the audio amplifier noise gets on the power supply and creates phase jitter in the synthesizer. Especially in modern single IC AM/FM radios. Maybe a missing bypass capacitor that saved the manufacturer a tenth of a penny. A crystal that is sensitive to mechanical vibration. The list goes on and on. If you are building a toy so you can say you did it, then fine. Go for it.

 

[Paul Uszak]

Shielding

This is the radio. It's battery powered. I only use the Earth conductor as a ground, which is trapped under the lid. I cut off the live and neutral conductors.

 

[Paul Uszak]

If you are building a toy...

Thanks for the additional information about noise components, but it's not a toy.

I could give you a long list of reasons why this is an entirely credible technique, but instead I offer you the following to dwell upon. A question that if you answer no to, will conclusively invalidate your cynicism once you undertake the appropriate research. Can you generate cryptographic strength random numbers from :-
1. Fish in an aquarium
2. Hitting keys on a keyboard

 

[Jeff Rosenbury]

Thanks for the additional information about noise components, but it's not a toy.

I could give you a long list of reasons why this is an entirely credible technique, but instead I offer you the following to dwell upon. A question that if you answer no to, will conclusively invalidate your cynicism once you undertake the appropriate research. Can you generate cryptographic strength random numbers from :-
1. Fish in an aquarium
2. Hitting keys on a keyboard

No, I can't. I don't own an aquarium.

More seriously, any semi-random number can be fed through a pseudo-random number function to give a random, statistically flat response. But that assumes no one will find your function and influence your semi-random number selection. Penn and Teller have some nice YouTube videos which indicate the sort of deviousness to which we humans aspire. A smarter guy will always come along.

 

[meBigGuy]

I would feel better about the fish than what you are doing with the radio.
You can do whatever you want. It makes no difference to me.
Obviously you can learn nothing from me since you already did all the appropriate research.

It's all about the noise correlation, and you have no basis for any assumptions you are making with your radio. I know how that radio works, what chip it probably uses (CXA1019S used in the ICF-S10 MK2 ), etc. It is a consumer product. If you don't validate the data, chances are it will be poor quality.

It's your choice. I've said my piece and will remain silent from here on out.

 

[Paul Uszak]

What data rate in bits per second do you need from your random number generator ?

I'm not really targeting any particular generation rate. I'll take what I can get. You've caught me on the hop as I wasn't expecting to be discussing randomness extraction - I asked what makes a radio go "Shhhhh".

So, I've done a little test and by my reckoning I can get 100,000 bps.

 

[Baluncore]

So, I've done a little test and by my reckoning I can get 100,000 bps.

100kbps is 5 times greater than the audio bandwidth of an FM radio and more than 10 times the bandwidth of an AM radio. So most sequential "random" bits will be the same.

The data rate you require is different from the data rate you think you might be able to get. I asked what data rate you require.

Fish in an aquarium might generate 1 bit per minute and you would probably have to keep watching. During the day they would face the light, then sleep at night.
Hitting keys on a keyboard might generate bit data at the average character rate, so long as you keep typing and can time key arrivals to better than 10usec.

 

[arydberg]

Shielding

This is the radio. It's battery powered. I only use the Earth conductor as a ground, which is trapped under the lid. I cut off the live and neutral conductors.
View attachment 84824

I think you should try grounding the box to the ground terminal of the radio instead of the Earth ground. . Perhaps one lead of the headphone jack could be used as a ground terminal.

 

[meBigGuy]

Typical CXA1019S design

 

[Sun E Man]

Radio waves are magnetic lines of force and will go through almost anything without loosing all their strength. Try putting a magnet close to the outside of the box then dangle a nail on a string inside the box. Move the string and nail closer to the magnet and the string will deflect, if moved close enough the nail will attach to the side of the box. The magnet's field is constant, but radio waves are moving and cut through the antenna and induce a small detectable currant in it. This is also how a generator or alternater work, a rotating (moving) magnetic field cuts through the windings of the stater causing currant flow.

 

[Paul Uszak]

...ll go through almost anything without loosing all their strength.

How do you reconcile this thesis with the results of my experiment, whereby FM reception was totally blocked by the thin tin..?

 

[Baluncore]

How do you reconcile this thesis with the results of my experiment, whereby FM reception was totally blocked by the thin tin..?

It was not totally blocked.
The phase noise of the first LO in the cheap FM receiver was greater than it's sensitivity to the RF signal available inside the tin.

 

[Paul Uszak]

Baluncore, I'm not really looking for any rate. I don't need a rate. This is a recreational pursuit.

As for your other points, I think that unfortunately there are some errors. You're proceeding from a false assumption of how randomness can be extracted from an entropy source. Following my little test, my radio outputs approximately 1 Mbps of data. I was being conservative estimating I could extract 1 bit from 10. There is little relationship between bandwidth and the rate of entropy output.

I wasn't being facetious with the fish tank. Off the top of my head, you could probably extract something in the region of 50 kbs. Don't think which way the fish are pointing. Think camera.

You're least wrong in regards to the typing. This is the slow admittedly, but there is key lengthening and entropy reseeding that can help...

 

[nsaspook]

Baluncore, I'm not really looking for any rate. I don't need a rate. This is a recreational pursuit.

As for your other points, I think that unfortunately there are some errors. You're proceeding from a false assumption of how randomness can be extracted from an entropy source. Following my little test, my radio outputs approximately 1 Mbps of data. I was being conservative estimating I could extract 1 bit from 10. There is little relationship between bandwidth and the rate of entropy output.

I wasn't being facetious with the fish tank. Off the top of my head, you could probably extract something in the region of 50 kbs. Don't think which way the fish are pointing. Think camera.

You're least wrong in regards to the typing. This is the slow admittedly, but there is key lengthening and entropy reseeding that can help...

I don't think he was mistaken. The entropy source is the seed (randomizer dial) for a cryptographically secure PRNG. Having a large number of randomizer dials that only have few easily influenced setting is insecure if you (the adversary) can inject known data into the entropy pool accumulator from a known source. At high data rates you need to reseed the PRNG often so you need a large pool to generate the seed data. In total isolate the radio's noise or even the fish in a tank would work but the both can be easily influenced by external factors like a very strong signal that defeats the shielding or tapping on the tank walls to attract them in one way or another if you know it's the entropy source for the system. So if you have low quality entropy and a good secret to hash that with it can increase the confidence but then the secret and hash must both be strong cryptographically. Realistically you might get 10 kbps of noise from the radio that will have to be normalized (limited strings of ones or zeros) into a random stream of data at a lower rate of maybe a few kbps.

I've made simple entropy sources from a micro-controller SRAM bits on powerup by storing in EEPROM what SRAM bits are stuck 0/1 and which ones are random. It's not secure but does provide a simple seed hashed with CRC16 for the PRNG library with chip demos that generate random patterns on powerup using leds or LCD displays.

 

[Baluncore]

You're proceeding from a false assumption of how randomness can be extracted from an entropy source. Following my little test, my radio outputs approximately 1 Mbps of data. I was being conservative estimating I could extract 1 bit from 10. There is little relationship between bandwidth and the rate of entropy output.

That statement demonstrates your complete rejection of the fundamental principles of the Nyquist–Shannon sampling theorem.
https://en.wikipedia.org/wiki/Nyquist–Shannon_sampling_theorem
You are not discussing physics in the real world, you are in the realm of wishful thinking and science fiction.

Edit:
See; https://en.wikipedia.org/wiki/Entropy_in_thermodynamics_and_information_theory

 

[nsaspook]

That statement demonstrates your complete rejection of the fundamental principles of the Nyquist–Shannon sampling theorem.
https://en.wikipedia.org/wiki/Nyquist–Shannon_sampling_theorem
You are not discussing physics in the real world, you are in the realm of wishful thinking and science fiction.

Edit:
See; https://en.wikipedia.org/wiki/Entropy_in_thermodynamics_and_information_theory

He can't get 1 Mbps of data directly from the FM radio audio but he can use the low speed noise (if it's high quality) to generate a much faster or longer stream of data from a CSPRNG with a long repeating sequence that completely changes the sequence of a continuous and encrypted random datastream from a small changes in the mixer logic. The trick to to be able to securely generate keystreams from the low speed entropy source by masking or hiding the underlaying pattern if its not truly random but just chaotic. A similar system was used in the fleet broadcast systems build in the 50's and used until the 80's that used a several types of a noise randomizer intermixed with the true encryption stream to extend the amount of data that could be used with one key. Most of these devices were compromised in the 60's but the design was good so it only took a few simple card swaps and it was secure as ever even if they (NK) had the old machines, old key cards and understood the crypto-principles of the devices.
http://eprint.iacr.org/2014/167

 

[Baluncore]

He can't get 1 Mbps of data directly from the FM radio audio but he can use the low speed noise (if it's high quality) to generate a much faster or longer stream of data from a CSPRNG with a long repeating sequence that completely changes the sequence of a continuous and encrypted random datastream from a small changes in the mixer logic.

That is understood, but Paul Uszak has disavowed the use of a digital sequence generator.
In today's electrical environment, the Mersenne Twister is whiter than any noise from a radio or video link.

 

[Jeff Rosenbury]

Most of these devices were compromised in the 60's[.]

And there's the rub. For a one time pad to be unbreakable, the pad data must be truly random. Once non-random data shows up, it's possible to break the system.

Shannon did most of the important early work in information. Yet he also did the important early work in electronic cryptography: "Communication Theory of Secrecy Systems.

The minute you base your system on goldfish, some joker is going to come along with trained goldfish to throw a wrench in your machine.

Still, one time pads are expensive to do right and so hard to use that human users historically quickly compromise them. So secrecy is always a trade off between how badly you want to protect your data and the effort that requires.

 

[nsaspook]

And there's the rub. For a one time pad to be unbreakable, the pad data must be truly random. Once non-random data shows up, it's possible to break the system.

They weren't compromised mathematically, they used the old fashioned method of breaking in, killing people and stealing. The one time pads were also compromised. The systems were only compromised for the dates they stole the keying material for, not broken. The proof of that is the USSR paid traitors millions of dollars for crypto keys (that looked like old Hollerith punch cards) long after they had the machines with a complete set of theory and service manuals. The machines while classified were only at most SECRET, the keying material was treasure that everyone wanted.

https://www.nsa.gov/about/cryptologic_heritage/60th/interactive_timeline/Content/1960s/documents/19690228_Doc_3075790_Cryptographic.pdf

 

[Baluncore]

They weren't compromised mathematically, they used the old fashioned method of breaking in, killing people and stealing.

To put it more politely, there is theoretical cryptanalysis, undertaken by mathematicians and there is practical cryptanalysis, carried out by agents.

I cannot think of a good use for random numbers generated from Johnson noise.

 

[Jeff Rosenbury]

They weren't compromised mathematically, they used the old fashioned method of breaking in, killing people and stealing. The one time pads were also compromised.

The used one time pads should have been destroyed, making their data safe. The unused ones don't have any data associated with them.

Of course that may not have happened, but that would be another human failing (on top of the spying and such).

Few systems fail mathematically.

 

[nsaspook]

Few systems fail mathematically.

It's usually the opposite. X system has a hidden fault that's exploited (sometimes you can't read the information directly but you can still use traffic analysis if the random noise cover can be removed on a synchronous data stream) so there's no need to try money, sex or violence (in secret) to decrypt the information as a last resort unless you just like that sort of thing.
As usual North Korea did the stupid thing by resorting to open violence that in the end netted them (including China and the USSR) very little until they had a secret supplier of keying material.

 

[nsaspook]

I cannot think of a good use for random numbers generated from Johnson noise.

It's mainly useful in key distribution and protection that's always a problem even if the actual encryption system is secure but in theory can be used directly to create a secure key distro system.
The Kirchhoff-Law-Johnson-Noise (KLJN) protocol: http://www.ncbi.nlm.nih.gov/pmc/articles/PMC3995997/

It looks great on paper but has problems that the authors gloss over.
http://arxiv.org/abs/1402.2709

 

[Baluncore]

Of course that may not have happened, but that would be another human failing (on top of the spying and such).

There were occasions when blocks of German supposed "one time" Enigma settings were reissued because of lazyness on the part of the generator clerks. That might not have been noticed if the Enigma was not being broken slowly at the time. It made for quick results since some settings were predictable for blocks of time.

There were occasians when Russian "one time" pads were issued again for the use with routine published data. The Russian pad making clerks did not understand the implications or expect the USA to cross correlate monitored messages against each other.

It is a common observation that codemakers always think that their secret cipher is unbreakable, or that their white noise is whiter than white. Those systems are soft targets for cryptanalysts who are selected because they assume that every cipher can be broken. Cryptanalysts pride themselves on being able to read a recipients mail before the recipient actually receives a decode from their ciher clerk. That has happened many times throughout history.

 

[meBigGuy]

Somewhere through all this crypto stuff I got lost. (but, that easy, since I know squat about crypto)

Baluncore said:
" I cannot think of a good use for random numbers generated from Johnson noise."

I thought Johnson noise was white and could be used for random key generation. Can you explain what I am missing?

 

[nsaspook]

I thought Johnson noise was white and could be used for random key generation. Can you explain what I am missing?

It can be one step in the process with a Key derivation function but on the systems I used the importance of the key was that it was unknown and unknowable by just looking at the stream generated using that key from the private randomizer. A key generator (KDF) might have several filters that eliminate A key or a sequence of keys. For example on some systems there were maintenance keys (sometimes inadvertently used on-line) that generated test patterns that were used to troubleshoot the device, keys that had been already used, keys that were possibility compromised (usually because someone lost one) or possibility a set of weak keys that were known to generate poor cryptographic keystreams. So simply because a key is 'random' doesn't mean it's a good key. I have no idea what the OP is planning to do but it's extremely unlikely that FM radio noise will be better than a simple noise source.

 

[Baluncore]

I thought Johnson noise was white and could be used for random key generation.

Johnson noise comes from a real source with a complex impedance. It then requires AC coupled amplification with inherent band limiting, using ageing power supplies, comparators and sampling before it becomes a bit stream.

I do not believe that the bit stream generated from Johnson Noise can be relied upon to be white or remain white. To be useful, a copy would need to be communicated and held at both ends of a data link. It is very difficult, if not impossible, to compress a random bit-stream efficiently.

I argue that a Mersenne Twister would generate a more reliable random stream. It could be seeded by something akin to tossing coins. Only the shorter seed need be communicated and held at both ends of a link.

Maybe Johnson Noise could be used to generate a short seed for a PRBS generator, but any long Johnson Noise generated bit-stream would begin to show some colour due to the electronics employed.

 

[nsaspook]

The problem is a native Mersenne Twister generates good randomness but is not Cryptographically secure, it's easy to find the internal state.
https://jazzy.id.au/2010/09/22/cracking_random_number_generators_part_3.html

 

[Baluncore]

... but is not cryptographically secure, it's easy to find the internal state.

That requires the entire internal state be exposed and accessible. Anyone can run a fully specified known generator backwards.
Where for example only a single bit from each integer is used, the state machine cannot be tracked and then predicted.

 

[nsaspook]

That requires the entire internal state be exposed and accessible. Anyone can run a fully specified known generator backwards.
Where for example only a single bit from each integer is used, the state machine cannot be tracked and then predicted.

Yes, the difficulty with a CSPRNG is getting that state from the stream in the first place and even if you do you can't reconstruct the past stream and with entropy inputs you can't know the future state.

That makes it harder but not impossible with large amounts of data if the PRNG is leaking state badly.

One that considers using a PRNG (or only a CSPRNG) for key generation is, of course, in a state of sin

Paraphrasing John Von Neumann (as cited by Donald E. Knuth)

 

[Baluncore]

That makes it harder but not impossible with large amounts of data if the PRNG is leaking state.

Likewise, Direct Sequence Spread Spectrum has code and chip leakage that is radiated.
Any leakage is like littering. I'm quite happy to wander along behind, picking up the key sequence as it is discarded.

Security is multidimensional. Any weakness in any dimension can implode the security of the entire system, without the user being aware.

 

[nsaspook]

Likewise, Direct Sequence Spread Spectrum has code and chip leakage that is radiated.
Any leakage is like littering. I'm quite happy to wander along behind, picking up the key sequence as it is discarded.

Security is multidimensional. Any weakness in any dimension can implode the security of the entire system, without the user being aware.

Yes, and what's good (Mersenne twister and many others Kiss) for games and statistical or physics simulations is not good for Crypto where you have an attacker.

 

[Jeff Rosenbury]

It's usually the opposite. X system has a hidden fault that's exploited (sometimes you can't read the information directly but you can still use traffic analysis if the random noise cover can be removed on a synchronous data stream) so there's no need to try money, sex or violence (in secret) to decrypt the information as a last resort unless you just like that sort of thing.
As usual North Korea did the stupid thing by resorting to open violence that in the end netted them (including China and the USSR) very little until they had a secret supplier of keying material.

Perhaps I should have said, purely mathematically.

I was thinking of side channel attacks, often involving some engineer/operator making a mistake. A recent example was the flaw in browser security where someone found a way to force browsers to use a less secure legacy encryption system. While I suppose that could be looked at as a mathematical failure of the system, it didn't make the system useless in a mathematical sense, but it did require a software update.

Another example is the Advanced Encryption System's vulnerability to power systems attacks. It seems that someone with a good scope can look at the CPU's power usage while the CPU is encrypting/decrypting and read the key in the waveform. Again, it's somewhat mathematical, but doesn't invalidate the conceptual system. (Though fixing that problem isn't trivial.)

So even with a strong mathematical system, implementation is often weak.

Smart people are needed throughout the development lifecycle. And when someone smarter comes along...

 

[nsaspook]

Smart people are needed throughout the development lifecycle. And when someone smarter comes along...

and they get hired by XXX.
https://p.gr-assets.com/540x540/fit/hostedimages/1389217464/8006750.jpg

 

[nsaspook]

I thought Johnson noise was white and could be used for random key generation. Can you explain what I am missing?

If it's a little 'off WHITE' that's still good as the process turns RED into BLACK. Red/black

http://fas.org/irp/program/security/blacker.htm

 

[Sun E Man]

Here is something to think about. As radio frequencies get higher they act more light and are absorbed or reflected. In Ham radio, re-peters are set on high towers or mountains because line of sight communication is only possible at 147mhz. and above under normal conditions. Try holding a cookie sheet close to your radio between your radio and the transmitting station. You may get nearly the same result as you do inside the tin. Leakage of the tin may not be the problem. Also AM radio stations put out a much stronger signal, in the thousands of watts and most FM stations are less than 1000 watts. If you can you may want to try your test close to a FM station and see what the result is.

 

[Paul Uszak]

That statement demonstrates your complete rejection of the fundamental principles of the Nyquist–Shannon sampling theorem.
https://en.wikipedia.org/wiki/Nyquist–Shannon_sampling_theorem
You are not discussing physics in the real world, you are in the realm of wishful thinking and science fiction.

Edit:
See; https://en.wikipedia.org/wiki/Entropy_in_thermodynamics_and_information_theory

I think that this is a good point, and I've broken it out somewhat into another thread: https://www.physicsforums.com/threads/can-pocket-fm-radio-output-at-50khz.819734/

Depending on how that one goes, I think that I might just be discussing physics in the real world, it's just that I think you've miss-understood the conditions under which the Nyquist–Shannon sampling theorem applies. Figure 1 of your wiki rebuttal captures it in a nutshell. The sampling rate (therefore the information content) is dependant on sampling a source which has a limited Fourier transform. The bandwidth may be broader than you've stated.

 

[Paul Uszak]

So if you have low quality entropy and a good secret to hash that with it can increase the confidence

This is a common fallacy that people have fallen for.

Fly by night companies are always saying they have a super dooper security algorithm, but they won't tell you how it works or publish the source code. For "Security" they say. Security through obscurity is no security at all. All the cryptographic algorithms in mainstream use are entirely in the public domain. They rely on the inherent mathematical principles they are based upon, not any "clever" secret. My extraction code is free for anyone to inspect. The more people inspect it, the more people will trust it and develop confidence in the final product. Trust does not equal secrecy. Rather the opposite. Think your Government.

The quality of an entropy source is irrelevant to the quality of the final random output. It just means than weak entropy sources produce truly random numbers at a slower rate than strong sources.That's why radio noise and fish work as strong random number generators (End on picture of a fish, not a kiss.)

 

[nsaspook]

This is a common fallacy that people have fallen for.

Fly by night companies are always saying they have a super dooper security algorithm, but they won't tell you how it works or publish the source code. For "Security" they say. Security through obscurity is no security at all. All the cryptographic algorithms in mainstream use are entirely in the public domain. They rely on the inherent mathematical principles they are based upon, not any "clever" secret. My extraction code is free for anyone to inspect. The more people inspect it, the more people will trust it and develop confidence in the final product. Trust does not equal secrecy. Rather the opposite. Think your Government.

I mainly agree, we always assumed the USSR had serial #1 of any new device we used. Obscurity of principle doesn't provide security unless that obscurity is protected by force as a part of the key. Fly by night companies can't kill you or lock you up for long periods of time but Governments can. An important aspect of obscurity (in the right place and done right) is not that it provides ultimate security but how it can increase the 'effort' to possibly decode in a timely fashion when it it's possible the system can be compromised in some way. Most critical information is time sensitive so if you can increase the decode time from a day to a week by secretly swapping cards by trusted personnel to force a reanalysis of the system, that's a win if you understand the capabilities of the attacker in a tactical situation.

 

[Baluncore]

"Remember, the Enemy also listens".

"To transmit is tantamount to Treason".

 

[arydberg]

How do you reconcile this thesis with the results of my experiment, whereby FM reception was totally blocked by the thin tin..?

Please try grounding the can to the ground on the radio.