True Random Numbers with RTL-Entropy

RTL-Entropy is a Linux based entropy generator which uses the RTL-SDR as the entropy source. It works by using the RTL-SDR to sample atmospheric noise and then using that noise to create randomly generated numbers.

This is useful as computers are only capable of generating pseudo-random numbers, which may look random, but are not truly random. For cryptography and security, it is desirable to use true random numbers, as pseudo-random numbers can possibly be predicted. Combining this RTL-SDR based entropy source with other entropy sources may help improve security.

Subscribe
Notify of
guest

5 Comments
Inline Feedbacks
View all comments
Peter

Ok, here goes…
I create a Random Number Generator that I start, then at a human random time I ask for a number [press a button at an x time] – It has been generating RN (random numbers since I started it, until when I pressed the ‘generate’ button)
It then uses that random number I asked for to listen at that frequence on an SDR and ‘down load’ 8 bits of what ever it hears at that time [usualy static] I then use those 8 bits and add them to another random generated 8 bit computer number.
This 16 bit number gets split into a string of 2x 8 bit numbers by taking
“2468” of the string to a first stack and “1357” to the second stack.
I generate another computer number. if even, I use 1st stack as the frequency, if odd I use the second stack as the frequency. the Other stack I use as a time shift To take a randdom sample at time ‘other stack’ and sample 16 bits of static.
From thoses 16 bits, I generate a number of the length required. If I need a bigger number, I reiterate the process to create another 16 bits, until done.
BTW my SDR is a HackRF, with a span from 1MHz. to 6Ghz. [think you can spoof that?]
Whole process takes 45mS. for a 200 digit number

Eddie

Gasoline, btw, will probably be very expensive.

Eddie

Umm… Not to nit-pick or anything but I think the jury is still out on the existence of TRUE random numbers. But yes, for those of us who are not God (or whatever your favorite all-knowing, all-seeing entity may be), atmospheric noise is a great way to get seemingly random information.

Given a few thousand more years to evolve better brains and develop technology (or become Gods) it is conceivable that we (or our successors) might learn to “sniff” the atmospheric noise in order to predict lightning strikes, earthquakes, or even the price of gasoline.

If I become a God, I’ll come down and give you a pencil that only writes TRUE random numbers… if you still want it. Then I’ll smote someone because I’ve always wanted to do that.

Aaron Toponce

Atmospheric noise is a horrible way to get random sequences of data. Atmospheric noise is nothing more than an RF receiver, and anyone on the same frequency can manipulate the signal, and manipulate your “random bits”. You’re better off tuning into multiple unique frequencies simultaneously, putting that data into a pool, then whitening. And even then, there is nothing stopping me from manipulating the signals that you’re tuned to.

The best random data systems are the ones that are closed to external interference, like radioactive decay, avalanche noise, or diode breakdown. Thermal noise could be an option, but if the external temperature of the surrounding environment can be manipulated by a 3rd party, then it fails as well. Shot noise and passing photos through a semi transparent mirror could work, if the system is closed, for the same reason.

Random numbers is hard. While the rtl-entropy project is cool, I would much prefer to send it through the systems CSPRNG, and get your data from there, rather than read it directly.

Toby

True, but it seems like an unlikely attack, as they’d need to be nearby, but not so close as to have physical access (since presumably that’d be a more serious problem).