Why does a radio still work inside a metal box?

[Paul Uszak]

Shielding

This is the radio. It's battery powered. I only use the Earth conductor as a ground, which is trapped under the lid. I cut off the live and neutral conductors.

 

[Paul Uszak]

If you are building a toy...

Thanks for the additional information about noise components, but it's not a toy.

I could give you a long list of reasons why this is an entirely credible technique, but instead I offer you the following to dwell upon. A question that if you answer no to, will conclusively invalidate your cynicism once you undertake the appropriate research. Can you generate cryptographic strength random numbers from :-
1. Fish in an aquarium
2. Hitting keys on a keyboard

 

[Jeff Rosenbury]

Thanks for the additional information about noise components, but it's not a toy.

I could give you a long list of reasons why this is an entirely credible technique, but instead I offer you the following to dwell upon. A question that if you answer no to, will conclusively invalidate your cynicism once you undertake the appropriate research. Can you generate cryptographic strength random numbers from :-
1. Fish in an aquarium
2. Hitting keys on a keyboard

No, I can't. I don't own an aquarium.

More seriously, any semi-random number can be fed through a pseudo-random number function to give a random, statistically flat response. But that assumes no one will find your function and influence your semi-random number selection. Penn and Teller have some nice YouTube videos which indicate the sort of deviousness to which we humans aspire. A smarter guy will always come along.

 

[meBigGuy]

I would feel better about the fish than what you are doing with the radio.
You can do whatever you want. It makes no difference to me.
Obviously you can learn nothing from me since you already did all the appropriate research.

It's all about the noise correlation, and you have no basis for any assumptions you are making with your radio. I know how that radio works, what chip it probably uses (CXA1019S used in the ICF-S10 MK2 ), etc. It is a consumer product. If you don't validate the data, chances are it will be poor quality.

It's your choice. I've said my piece and will remain silent from here on out.

 

[Paul Uszak]

What data rate in bits per second do you need from your random number generator ?

I'm not really targeting any particular generation rate. I'll take what I can get. You've caught me on the hop as I wasn't expecting to be discussing randomness extraction - I asked what makes a radio go "Shhhhh".

So, I've done a little test and by my reckoning I can get 100,000 bps.

 

[Baluncore]

So, I've done a little test and by my reckoning I can get 100,000 bps.

100kbps is 5 times greater than the audio bandwidth of an FM radio and more than 10 times the bandwidth of an AM radio. So most sequential "random" bits will be the same.

The data rate you require is different from the data rate you think you might be able to get. I asked what data rate you require.

Fish in an aquarium might generate 1 bit per minute and you would probably have to keep watching. During the day they would face the light, then sleep at night.
Hitting keys on a keyboard might generate bit data at the average character rate, so long as you keep typing and can time key arrivals to better than 10usec.

 

[arydberg]

Shielding

This is the radio. It's battery powered. I only use the Earth conductor as a ground, which is trapped under the lid. I cut off the live and neutral conductors.
View attachment 84824

I think you should try grounding the box to the ground terminal of the radio instead of the Earth ground. . Perhaps one lead of the headphone jack could be used as a ground terminal.

 

[meBigGuy]

Typical CXA1019S design

 

[Sun E Man]

Radio waves are magnetic lines of force and will go through almost anything without loosing all their strength. Try putting a magnet close to the outside of the box then dangle a nail on a string inside the box. Move the string and nail closer to the magnet and the string will deflect, if moved close enough the nail will attach to the side of the box. The magnet's field is constant, but radio waves are moving and cut through the antenna and induce a small detectable currant in it. This is also how a generator or alternater work, a rotating (moving) magnetic field cuts through the windings of the stater causing currant flow.

 

[Paul Uszak]

...ll go through almost anything without loosing all their strength.

How do you reconcile this thesis with the results of my experiment, whereby FM reception was totally blocked by the thin tin..?

 

[Baluncore]

How do you reconcile this thesis with the results of my experiment, whereby FM reception was totally blocked by the thin tin..?

It was not totally blocked.
The phase noise of the first LO in the cheap FM receiver was greater than it's sensitivity to the RF signal available inside the tin.

 

[Paul Uszak]

Baluncore, I'm not really looking for any rate. I don't need a rate. This is a recreational pursuit.

As for your other points, I think that unfortunately there are some errors. You're proceeding from a false assumption of how randomness can be extracted from an entropy source. Following my little test, my radio outputs approximately 1 Mbps of data. I was being conservative estimating I could extract 1 bit from 10. There is little relationship between bandwidth and the rate of entropy output.

I wasn't being facetious with the fish tank. Off the top of my head, you could probably extract something in the region of 50 kbs. Don't think which way the fish are pointing. Think camera.

You're least wrong in regards to the typing. This is the slow admittedly, but there is key lengthening and entropy reseeding that can help...

 

[nsaspook]

Baluncore, I'm not really looking for any rate. I don't need a rate. This is a recreational pursuit.

As for your other points, I think that unfortunately there are some errors. You're proceeding from a false assumption of how randomness can be extracted from an entropy source. Following my little test, my radio outputs approximately 1 Mbps of data. I was being conservative estimating I could extract 1 bit from 10. There is little relationship between bandwidth and the rate of entropy output.

I wasn't being facetious with the fish tank. Off the top of my head, you could probably extract something in the region of 50 kbs. Don't think which way the fish are pointing. Think camera.

You're least wrong in regards to the typing. This is the slow admittedly, but there is key lengthening and entropy reseeding that can help...

I don't think he was mistaken. The entropy source is the seed (randomizer dial) for a cryptographically secure PRNG. Having a large number of randomizer dials that only have few easily influenced setting is insecure if you (the adversary) can inject known data into the entropy pool accumulator from a known source. At high data rates you need to reseed the PRNG often so you need a large pool to generate the seed data. In total isolate the radio's noise or even the fish in a tank would work but the both can be easily influenced by external factors like a very strong signal that defeats the shielding or tapping on the tank walls to attract them in one way or another if you know it's the entropy source for the system. So if you have low quality entropy and a good secret to hash that with it can increase the confidence but then the secret and hash must both be strong cryptographically. Realistically you might get 10 kbps of noise from the radio that will have to be normalized (limited strings of ones or zeros) into a random stream of data at a lower rate of maybe a few kbps.

I've made simple entropy sources from a micro-controller SRAM bits on powerup by storing in EEPROM what SRAM bits are stuck 0/1 and which ones are random. It's not secure but does provide a simple seed hashed with CRC16 for the PRNG library with chip demos that generate random patterns on powerup using leds or LCD displays.

 

[Baluncore]

You're proceeding from a false assumption of how randomness can be extracted from an entropy source. Following my little test, my radio outputs approximately 1 Mbps of data. I was being conservative estimating I could extract 1 bit from 10. There is little relationship between bandwidth and the rate of entropy output.

That statement demonstrates your complete rejection of the fundamental principles of the Nyquist–Shannon sampling theorem.
https://en.wikipedia.org/wiki/Nyquist–Shannon_sampling_theorem
You are not discussing physics in the real world, you are in the realm of wishful thinking and science fiction.

Edit:
See; https://en.wikipedia.org/wiki/Entropy_in_thermodynamics_and_information_theory

 

[nsaspook]

That statement demonstrates your complete rejection of the fundamental principles of the Nyquist–Shannon sampling theorem.
https://en.wikipedia.org/wiki/Nyquist–Shannon_sampling_theorem
You are not discussing physics in the real world, you are in the realm of wishful thinking and science fiction.

Edit:
See; https://en.wikipedia.org/wiki/Entropy_in_thermodynamics_and_information_theory

He can't get 1 Mbps of data directly from the FM radio audio but he can use the low speed noise (if it's high quality) to generate a much faster or longer stream of data from a CSPRNG with a long repeating sequence that completely changes the sequence of a continuous and encrypted random datastream from a small changes in the mixer logic. The trick to to be able to securely generate keystreams from the low speed entropy source by masking or hiding the underlaying pattern if its not truly random but just chaotic. A similar system was used in the fleet broadcast systems build in the 50's and used until the 80's that used a several types of a noise randomizer intermixed with the true encryption stream to extend the amount of data that could be used with one key. Most of these devices were compromised in the 60's but the design was good so it only took a few simple card swaps and it was secure as ever even if they (NK) had the old machines, old key cards and understood the crypto-principles of the devices.
http://eprint.iacr.org/2014/167

 

[Baluncore]

He can't get 1 Mbps of data directly from the FM radio audio but he can use the low speed noise (if it's high quality) to generate a much faster or longer stream of data from a CSPRNG with a long repeating sequence that completely changes the sequence of a continuous and encrypted random datastream from a small changes in the mixer logic.

That is understood, but Paul Uszak has disavowed the use of a digital sequence generator.
In today's electrical environment, the Mersenne Twister is whiter than any noise from a radio or video link.

 

[Jeff Rosenbury]

Most of these devices were compromised in the 60's[.]

And there's the rub. For a one time pad to be unbreakable, the pad data must be truly random. Once non-random data shows up, it's possible to break the system.

Shannon did most of the important early work in information. Yet he also did the important early work in electronic cryptography: "Communication Theory of Secrecy Systems.

The minute you base your system on goldfish, some joker is going to come along with trained goldfish to throw a wrench in your machine.

Still, one time pads are expensive to do right and so hard to use that human users historically quickly compromise them. So secrecy is always a trade off between how badly you want to protect your data and the effort that requires.

 

[nsaspook]

And there's the rub. For a one time pad to be unbreakable, the pad data must be truly random. Once non-random data shows up, it's possible to break the system.

They weren't compromised mathematically, they used the old fashioned method of breaking in, killing people and stealing. The one time pads were also compromised. The systems were only compromised for the dates they stole the keying material for, not broken. The proof of that is the USSR paid traitors millions of dollars for crypto keys (that looked like old Hollerith punch cards) long after they had the machines with a complete set of theory and service manuals. The machines while classified were only at most SECRET, the keying material was treasure that everyone wanted.

https://www.nsa.gov/about/cryptologic_heritage/60th/interactive_timeline/Content/1960s/documents/19690228_Doc_3075790_Cryptographic.pdf

 

[Baluncore]

They weren't compromised mathematically, they used the old fashioned method of breaking in, killing people and stealing.

To put it more politely, there is theoretical cryptanalysis, undertaken by mathematicians and there is practical cryptanalysis, carried out by agents.

I cannot think of a good use for random numbers generated from Johnson noise.

 

[Jeff Rosenbury]

They weren't compromised mathematically, they used the old fashioned method of breaking in, killing people and stealing. The one time pads were also compromised.

The used one time pads should have been destroyed, making their data safe. The unused ones don't have any data associated with them.

Of course that may not have happened, but that would be another human failing (on top of the spying and such).

Few systems fail mathematically.

 

[nsaspook]

Few systems fail mathematically.

It's usually the opposite. X system has a hidden fault that's exploited (sometimes you can't read the information directly but you can still use traffic analysis if the random noise cover can be removed on a synchronous data stream) so there's no need to try money, sex or violence (in secret) to decrypt the information as a last resort unless you just like that sort of thing.
As usual North Korea did the stupid thing by resorting to open violence that in the end netted them (including China and the USSR) very little until they had a secret supplier of keying material.

 

[nsaspook]

I cannot think of a good use for random numbers generated from Johnson noise.

It's mainly useful in key distribution and protection that's always a problem even if the actual encryption system is secure but in theory can be used directly to create a secure key distro system.
The Kirchhoff-Law-Johnson-Noise (KLJN) protocol: http://www.ncbi.nlm.nih.gov/pmc/articles/PMC3995997/

It looks great on paper but has problems that the authors gloss over.
http://arxiv.org/abs/1402.2709

 

[Baluncore]

Of course that may not have happened, but that would be another human failing (on top of the spying and such).

There were occasions when blocks of German supposed "one time" Enigma settings were reissued because of lazyness on the part of the generator clerks. That might not have been noticed if the Enigma was not being broken slowly at the time. It made for quick results since some settings were predictable for blocks of time.

There were occasians when Russian "one time" pads were issued again for the use with routine published data. The Russian pad making clerks did not understand the implications or expect the USA to cross correlate monitored messages against each other.

It is a common observation that codemakers always think that their secret cipher is unbreakable, or that their white noise is whiter than white. Those systems are soft targets for cryptanalysts who are selected because they assume that every cipher can be broken. Cryptanalysts pride themselves on being able to read a recipients mail before the recipient actually receives a decode from their ciher clerk. That has happened many times throughout history.

 

[meBigGuy]

Somewhere through all this crypto stuff I got lost. (but, that easy, since I know squat about crypto)

Baluncore said:
" I cannot think of a good use for random numbers generated from Johnson noise."

I thought Johnson noise was white and could be used for random key generation. Can you explain what I am missing?

 

[nsaspook]

I thought Johnson noise was white and could be used for random key generation. Can you explain what I am missing?

It can be one step in the process with a Key derivation function but on the systems I used the importance of the key was that it was unknown and unknowable by just looking at the stream generated using that key from the private randomizer. A key generator (KDF) might have several filters that eliminate A key or a sequence of keys. For example on some systems there were maintenance keys (sometimes inadvertently used on-line) that generated test patterns that were used to troubleshoot the device, keys that had been already used, keys that were possibility compromised (usually because someone lost one) or possibility a set of weak keys that were known to generate poor cryptographic keystreams. So simply because a key is 'random' doesn't mean it's a good key. I have no idea what the OP is planning to do but it's extremely unlikely that FM radio noise will be better than a simple noise source.

 

[Baluncore]

I thought Johnson noise was white and could be used for random key generation.

Johnson noise comes from a real source with a complex impedance. It then requires AC coupled amplification with inherent band limiting, using ageing power supplies, comparators and sampling before it becomes a bit stream.

I do not believe that the bit stream generated from Johnson Noise can be relied upon to be white or remain white. To be useful, a copy would need to be communicated and held at both ends of a data link. It is very difficult, if not impossible, to compress a random bit-stream efficiently.

I argue that a Mersenne Twister would generate a more reliable random stream. It could be seeded by something akin to tossing coins. Only the shorter seed need be communicated and held at both ends of a link.

Maybe Johnson Noise could be used to generate a short seed for a PRBS generator, but any long Johnson Noise generated bit-stream would begin to show some colour due to the electronics employed.

 

[nsaspook]

The problem is a native Mersenne Twister generates good randomness but is not Cryptographically secure, it's easy to find the internal state.
https://jazzy.id.au/2010/09/22/cracking_random_number_generators_part_3.html

 

[Baluncore]

... but is not cryptographically secure, it's easy to find the internal state.

That requires the entire internal state be exposed and accessible. Anyone can run a fully specified known generator backwards.
Where for example only a single bit from each integer is used, the state machine cannot be tracked and then predicted.

 

[nsaspook]

That requires the entire internal state be exposed and accessible. Anyone can run a fully specified known generator backwards.
Where for example only a single bit from each integer is used, the state machine cannot be tracked and then predicted.

Yes, the difficulty with a CSPRNG is getting that state from the stream in the first place and even if you do you can't reconstruct the past stream and with entropy inputs you can't know the future state.

That makes it harder but not impossible with large amounts of data if the PRNG is leaking state badly.

One that considers using a PRNG (or only a CSPRNG) for key generation is, of course, in a state of sin

Paraphrasing John Von Neumann (as cited by Donald E. Knuth)

 

[Baluncore]

That makes it harder but not impossible with large amounts of data if the PRNG is leaking state.

Likewise, Direct Sequence Spread Spectrum has code and chip leakage that is radiated.
Any leakage is like littering. I'm quite happy to wander along behind, picking up the key sequence as it is discarded.

Security is multidimensional. Any weakness in any dimension can implode the security of the entire system, without the user being aware.