Quote from: kmfkewm on September 22, 2012, 10:22 pm

Your best shot at getting randomness is monitoring timing differences between keystrokes, mouse positions, keystrokes, timing between mouse movements, your screen, disk access times etc, and taking the hash of all of it. Then repeating that process constantly. Something like this is how your operating system gets randomness anyway. I don't know if this is random enough for an OTP, but it is random enough for you to use for other cryptographic algorithms, or at least it is what you have to work with anyway. Actually many modern CPUs have their own RNGs built into hardware, although I am not sure of the specifics of how these RNGs work, something with thermal noise. Actually even a microphone input can be used to generate random numbers quite well.

The cool thing about (many? all? definitely some.) cryptographic hashing algorithms is that they can distill and uniformly distribute randomness. If you have fifty megabytes of data which has three bits of randomness total contained within it, the cryptographic hash of the fifty megabytes of data will also contain three bits of randomness. A SHA256 output is always 256 bits, so if you hash 50 megabytes with 3 bits of randomness, the output is 256 bits, 3 of which are random. Cryptographic hashing algorithms also evenly distribute the randomness of their input into their output. If a fifty megabyte file starts with one random byte and is followed by only non-random bytes, the cryptographic hash value of the file will contain one byte of randomness equally distributed throughout it.

I'm not saying this is rubbish, I mean we use this technique to obtain nice big encryption keys and so forth just like you say. What I'm thinking is that the things you are referring to there, like mouse positions, microphone input etc, must be deterministic or at least severely contained in nature, and as such are in theory replicable by an intelligent enemy with vast resources, e.g. my analogy of building an equation the size of a telephone directory to predict coin flipping. If you are able to determine a small enough frame (as in the right set of information, as in the Frame Problem), and you know everything there is to know about X situation, then in theory you could produce a vast equation which perfectly predicts coin flipping and thus build a machine to do that job. I appreciate that by 'in theory' we could be practically talking light years or something, but still, this is a thought experiment.

The reason why this could be important is that you never know what mathematical breakthroughs could suddenly break our previous assumptions of "sufficiently random". Or... (time for conspiracy ohwow.jpg theory) it could simply be a case of a clever side channel attack in the far distant future when there is oodles of computational power to spare. So imagine a "secret chip" on every computer there is. It could work by replicating common algorithms standard software on the market uses to obtain large random numbers (literally all the time), and then storing these 'results' in a huge database on every single computer on the planet. This way every instance of a random number generated with whatever computer based input has been stored. I appreciate this is seriously far out and in fact may not be physically possible, but if you've studied the history of cryptanalysis in World War II, you'll know that governments *did* go to extraordinary extremes with respect to their era, albeit not that particular one. I mean if you told any German officer that the Enigma machine had been cracked years ago, he'd have laughed in your face, and probably continued laughing until the day after too, yet it was accomplished. Definitely easier just to key log and nick your passphrase though, lol.

For those reading this thread (because kmfkewm probably has already heard about it), there IS a big controversy at the moment over the Huawei corporation (Chinese state company), because many western security people are saying they are putting surveillance systems onto their hardware. Which is a bitch because most of you will have some kind of Huawei equipment on your machines right now. Thing is... it would seem they have been learning those tricks from American corporations... The Economist had an entire magazine dedicated to this subject, so no, it is not science fiction that a State could go to these lengths.

Anyway, back to the stock market:

The current stock market prices of shares, as in right now this very moment in time, are completely random in nature. This is not deterministic. All the deterministic inputs become part of the price and so only entropy is left, meaning that stock prices will move at random at any given moment. Because of the profit motive, this is never not going to be true. It is possible to discover information that turns previous 'random' data into a recognizable pattern (and thus make future prediction possible and consistent), but this is not possible here. For contrast, it is almost certainly the case that the majority of people moving their mice about to increase entropy are doing so in similar ways. The space of possibilities might be very large, but that is not to imply people are using, or that their machines are using (e.g. read/writes to memory), the full search space. This is a passive way to obtain randomness, and it may turn out that in practice this is not a very good way of doing so. Perhaps once a person moves a mouse pointer from A to B, they approximately move it back from B to A or thereabouts. So there is predictability there and thus an opportunity for cryptanalysis (and if you think that's over the top, you haven't met any cryptanalysts; you think pine is paranoid? yeeeessh!).

--

Anyway, I too like the idea of the distribution of randomness using cryptographic hashing, it is definitely a nice feature, worthy of a whole topic.

Quote from: kmfkewm on September 22, 2012, 10:22 pm

So in summary I am less concerned about the ability to generate randomness than I am with the problem of sharing the generated randomness between the people who would use it for a one time pad.

I was thinking you (may) share private keys this way! You need to know the algorithm and send your email (using special software that sends at a very exact prearranged time). Then the other person has the timestamp for when the email was sent (not when it arrived, that wouldn't work), and they can use the algorithm to work out the current OTP decryption key in relation to current stock prices at that timestamp (or else I was imagining it to be like some exotic PGP, one key for encryption that is useless for decryption, and vice versa, but I'm not sure how that would work across time), use it and read the information. This creates an incredibly tight window for an attack. See, you can do things like sampling the atmosphere and so on, but Alice and Bob aren't going to be able to both do that at the same time and come up with the same key without sharing. Sharing bad!

Anyway... I haven't worked it all out yet as you can see, this is a stupid child implementation, but if you thought about it for a whole year I bet you'd be able to come up with something close to bulletproof.

Quote from: kmfkewm on September 22, 2012, 10:22 pm

to rip off XKCD....

Code:
    #include <stdio.h>

    int rng(void);

    int main(void)
    {
        printf("%i\n", rng());
        return 0;
    }

    int rng(void)
    {
        int random_number = 4; // returned by a fair die, certain to be random
        return random_number;
    }

That is indeed... concise and accurate :D

You should patent this and sell it to the US military.

Quote from: kmfkewm on September 22, 2012, 10:22 pm

Why not just 'randomly' type on the keyboard until you have hit a thousand keys, and then take the SHA 256 hash value of the output? Most estimates say that English has one bit of randomness per character, so it seems safe to assume that your output is a truly random 256 bit number. 19c41bf387172d7eb28fe1997af60a1e8a9b22bc56f01a772cccd6cbde8f84ef is the SHA 256 value of the previous sentence, I think it is probably 256 bits of randomness, since English prose contains about one bit of randomness per character and the sentence was 289 characters long.

Because people don't randomly type on keyboards even when they are trying, thus allowing cryptanalysis heuristics a break, but more pertinently, pine finds it difficult to leave well enough alone :P

Thought experiments. Allowing you to come up with completely (actual) random ideas since the Greeks :)

Quote from: kmfkewm on September 22, 2012, 10:22 pm

A. Pounding on my keyboard and hashing the result is probably a good enough source of randomness for an OTP.
B. That doesn't solve the problem of key exchange, which is the real issue.

Pounding on your keyboard seems undignified somehow. Have you ever tried generating a large PGP key in an internet cafe kmfkewm? Everybody looks scared of the crazy person.
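Added example (not code from the thread or from either poster): a Python sketch of the hash-conditioning idea discussed above, covering both the "fifty megabytes with three bits of randomness" case and the "type a thousand keys and SHA-256 them" suggestion. The check a practitioner wants is the second half: SHA-256 spreads whatever entropy the input has across all 256 output bits, but it cannot add any, so a digest of an input carrying three bits of entropy falls to an eight-guess search regardless of output length. The keystroke intervals and the "secret byte at the front of a big file" are constructed sample inputs, not measurements, and the min-entropy estimator assumes independent, identically distributed samples, which real typing is not.

```python
import hashlib
import math
import struct
from collections import Counter

# Constructed sample input: inter-keystroke intervals in milliseconds, standing in
# for what a keyboard-pounding entropy collector would record. Not real measurements.
KEYSTROKE_INTERVALS_MS = [112, 98, 105, 240, 101, 99, 110, 97, 103, 250,
                          108, 100, 96, 104, 230, 99]


def condition(samples: bytes) -> bytes:
    """Hash-based conditioning: SHA-256 spreads whatever entropy `samples`
    holds across all 256 output bits, but never creates any."""
    return hashlib.sha256(samples).digest()


def pack_intervals(intervals_ms) -> bytes:
    """Serialise timing samples as big-endian uint32s before hashing."""
    return struct.pack(f">{len(intervals_ms)}I", *intervals_ms)


def quantize(intervals_ms, bucket_ms=10):
    """Coarsen timings into buckets: an attacker who can model the typist to
    within bucket_ms only has to distinguish buckets, not exact values."""
    return [v // bucket_ms for v in intervals_ms]


def min_entropy_bits_per_sample(symbols) -> float:
    """Min-entropy estimate -log2(p_max) from the empirical distribution.
    Assumes i.i.d. samples, which is optimistic for a human typist."""
    counts = Counter(symbols)
    p_max = max(counts.values()) / len(symbols)
    return -math.log2(p_max)


def estimated_total_bits(intervals_ms, bucket_ms=10) -> float:
    """Rough total entropy credited to a run of keystrokes (under the i.i.d. assumption)."""
    symbols = quantize(intervals_ms, bucket_ms)
    return len(symbols) * min_entropy_bits_per_sample(symbols)


def build_low_entropy_file(secret: int, size: int = 4096) -> bytes:
    """The thread's example: a big file whose only randomness is one small value
    at the front (here 3 bits: secret in 0..7) followed by predictable filler."""
    if not 0 <= secret < 8:
        raise ValueError("secret must carry exactly 3 bits")
    return bytes([secret]) + b"\x00" * (size - 1)


def recover_secret(digest: bytes, size: int = 4096) -> int:
    """A 256-bit digest of a 3-bit-entropy input falls to an 8-guess search:
    hashing distributed the 3 bits, it did not manufacture 253 more."""
    for guess in range(8):
        if condition(build_low_entropy_file(guess, size)) == digest:
            return guess
    return -1


if __name__ == "__main__":
    key = condition(pack_intervals(KEYSTROKE_INTERVALS_MS))
    print("conditioned key:", key.hex())
    print("min-entropy estimate for %d keystrokes: %.1f bits"
          % (len(KEYSTROKE_INTERVALS_MS), estimated_total_bits(KEYSTROKE_INTERVALS_MS)))
    digest = condition(build_low_entropy_file(5))
    print("recovered 'secret' from a 256-bit digest:", recover_secret(digest))
```

The estimate only counts entropy the attacker cannot predict; it says nothing about a keylogger that records the keystrokes themselves, which is the point pine makes about just nicking the passphrase.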