Perry E. Metzger (perry@piermont.com)
Tue, 07 Jul 1998 13:47:54 -0400
Ben Laurie writes:

> The problem I'm having is that, as someone pointed out, there appears to
> be essentially as much entropy as you have the timing resolution to
> count.

True, but on the other hand, that can get dangerous in various ways.

1) Unnoticed biases in the counting method. Note that most computer
interfaced geiger counters speak to your computer over a serial line,
which is clocked. Event timing is thus not nearly as high resolution
or random as you would like.

2) Biases in statistical curve. The decays do not occur according to a
uniform distribution, so you have to make some sort of allowances for
somehow converting the distribution into a uniform one by some
mechanism.

This is not to say that more bits can't be eked out, but the analysis
has to be very good.

> This makes me think that there is far more than 1/3 of a bit
> available per hit, but what actually limits it are, presumably, things
> like the accuracy and vulnerability to outside influence of the timer,
> speed of response of the tube, accuracy of circuitry that detects the
> hit, and so on (incidentally, as often seems to be the case, perhaps
> this circuitry is actually the most vulnerable part of the system - how
> much radio energy do I have to point at it to control it?). At this
> point it becomes rather difficult to analyse.

The difficulty of analysis is precisely why I'd say that Walker's
method is nice and clean. It produces unbiased data that is very
clean, albeit slowly. If you can live with the "slowly" part, why not
do so? Otherwise, it is best to very solidly analyse what one is
doing. There are a million ways things can go wrong, and your opponent
has a far longer time to think than you have to work -- the Venona
intercepts were broken over a period of decades, remember.

BTW, all crypto is economics. If your information will be valueless in
six minutes and was only worth a quarter to begin with, none of this
need concern you too deeply. I'm playing "worst case" with most of my
assumptions on what people are doing with their cryptosystems here.

Perry
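
The two biases listed in the message, shown on simulated decay timings; this is an added example, not part of the original post. The decay rate, the two clock periods and all function names are constructed for illustration, and the pair-comparison extractor is an assumed reading of "Walker's method", which the message does not describe.

```python
import random

RATE_HZ = 100.0                      # constructed: mean decays per second
CLOCKS = {"1 MHz timer": 1e-6,       # constructed clock periods, in seconds
          "960 Hz serial char clock": 1 / 960}

def quantized_gaps(n, tick_s, seed=1998):
    """Constructed sample: n Poisson inter-decay gaps, as tick counts of a clock."""
    rng, t, last, gaps = random.Random(seed), 0.0, 0, []
    for _ in range(n):
        t += rng.expovariate(RATE_HZ)        # gaps are exponential, not uniform
        tick = int(t / tick_s)               # the interface only sees clock ticks
        gaps.append(tick - last)
        last = tick
    return gaps

def threshold_bits(gaps):
    """Naive: one bit per hit, 1 if the gap is longer than the average gap."""
    mean = sum(gaps) / len(gaps)
    return [int(g > mean) for g in gaps]

def comparison_bits(gaps):
    """Compare consecutive gap pairs, drop ties, flip the sense on each output bit."""
    bits, ties = [], 0
    for a, b in zip(gaps[0::2], gaps[1::2]):
        if a == b:
            ties += 1                        # a coarse clock makes these common
            continue
        bits.append(int(a < b) ^ (len(bits) & 1))
    return bits, ties

def ones_fraction(bits):
    return sum(bits) / len(bits)

def report(n=40000):
    """Per clock: (threshold ones fraction, comparison ones fraction, ties)."""
    out = {}
    for name, tick_s in CLOCKS.items():
        gaps = quantized_gaps(n, tick_s)
        bits, ties = comparison_bits(gaps)
        out[name] = (ones_fraction(threshold_bits(gaps)), ones_fraction(bits), ties)
    return out

if __name__ == "__main__":
    for name, (naive, cmp_, ties) in report().items():
        print(f"{name}: threshold ones={naive:.3f}  comparison ones={cmp_:.3f}  ties={ties}")
```

The threshold bit is skewed well away from one half because the gaps follow an exponential curve, while the comparison bits stay balanced under both clocks; the coarse clock costs output through discarded ties.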
The following archive was created by hippie-mail 7.98617-22 on Fri Aug 21 1998 - 17:20:11 ADT