It Begs The Question
Hey…I'm just saying… And while we're at it, why are you defending them?

TRNG – True Random Data Project August 31, 2015

TRNGs – True Random Number Generators

There are Random Numbers, and then there are Random Numbers.  And in the world of computers (and the internet) we get random numbers by generating them.  And we use them a lot!  In particular we need and use random numbers to encrypt data that flies back and forth across the internet (like passwords, credit card numbers, etc.).  In the world of Random Numbers there is also a notion of “TRUE Random Numbers.”   Interested?  Then…

Lock The Gates!

There are essentially 3 ways to generate random numbers.  By using a:

  • PRNG, (Pseudo-random Number Generator)
  • CSPRNG (cryptographically secure pseudo-random number generator)
  • TRNG  (TRUE Random Number Generator)

 

A PRNG is a Pseudo-random number generator.  For most of us our exposure to a PRNG is via one of the many RAND() or RANDOM() functions/classes that are part and parcel  of virtually all programming languages like C, VB, Python, and so on.  Here are some good treatments of Pseudo-random number generators (PRNGs)… They are not rocket surgery but they are well worth reading:

https://en.wikipedia.org/wiki/Pseudorandom_number_generator

https://www.khanacademy.org/computing/computer-science/cryptography/crypt/v/random-vs-pseudorandom-number-generators

 

A CSPRNG is a cryptographically secure pseudo-random number generator (CSPRNG) or cryptographic pseudo-random number generator (CPRNG).  They have properties that make them suitable for use in cryptography.

Both PRNGs and CSPRNGs have their benefits, but they have some drawbacks.  In particular, they are NOT provably secure and may have backdoors and/or flaws that make their use for encryption “suspect.”

https://en.wikipedia.org/wiki/Cryptographically_secure_pseudorandom_number_generator
https://msdn.microsoft.com/en-us/library/system.security.cryptography.rngcryptoserviceprovider(v=vs.110).aspx

and LOTs of good stuff here:

https://www.schneier.com

And that finally brings us to TRNGs

 

which is the subject of this Post and the associated C# program (project).  Read some good stuff here before we start:

https://www.random.org/    and especially read this:
https://www.random.org/randomness/

https://en.wikipedia.org/wiki/Hardware_random_number_generator

So what is “True” random data good for?  For one thing it’s what we would use for 100% security in encrypting data.  That is,

we use “True” random data as the key of a OTP (One-Time Pad). 

Read about One-Time Pads (OTP) here:

https://en.wikipedia.org/wiki/One-time_pad
https://www.khanacademy.org/computing/computer-science/cryptography/crypt/v/one-time-pad

A TRNG is (always? generally?) based on physical phenomena like radioactive decay, rolling dice, flipping coins, and other stuff like “noise” from diodes.  For my hobby experiment/project I chose to

Use Radio Static as the basis of a TRUE Random Number Generator

(I am not the only one).

I connected an FM radio to a microphone (connected to my computer) and tuned the radio to an unused frequency in order to get static.  I could then write a program to “read” the microphone.  But I found an easier way… MUCH EASIER for a variety of reasons. 

 

Radio–>Mic –> computer/AUDACITY –> WAV file –> C# pgm–> “True Random Data”

 

What I did was to run the AUDACITY audio application (originally from Google).  It’s a fabulous product.  Look here:

 http://web.audacityteam.org/
http://sourceforge.net/projects/audacity/

I had Audacity record  the radio’s static noise from the microphone and save it to a WAV file.  Then my program (in C#) could read the WAV file and use the least significant bytes (LSBs) of the audio samples as my data.  Note that processing a WAV file is more complicated than one might suppose at first glance.   Anywho…

The theory is that the radio Static/Noise is random and that this randomness is carried forward to the LSB (least significant BYTE) of the  corresponding audio sampling data of the resulting WAV file.

It’s important to note that by working from the WAV file it was tremendously easier to test and debug the program since tests were repeatable.  And I could test with and compare various sources… Not just radio static.  I could EASILY use Blondie or Dylan songs too!

Also, I had this notion that I could further ensure randomness of the data by constructing bytes of data by using ONLY the LEAST SIGNIFICANT BITs of the bytes of 8 audio samples.  I.e.  Read 8 audio samples and use the 8 LSBits to construct 1 byte of TRNG data.  Then rinse and repeat.
It turns out that this “LS-Bit” technique does make a difference when using some “songs” as the data source but does NOT make a difference if using WAV files of “radio static” as the source.  This gives us additional confidence as to the randomness of the “radio static.”

The end result of all this is that, for what it’s worth, I now have a homemade True Random Number Generator (TRNG) that can produce TRUE RANDOM DATA for a OTP that I can then use to encrypt data that can NOT be defeated… for what it’s worth.

 

Here are a couple of screen prints of the C# program…  It’s pretty simple.

 

The following shows the DETAILS of the BYTES constructed from the LSBits  in the audio samples (Show Final Stats ONLY is unchecked).  Results are shown for both left and right audio channels.

 

TRNGwav_1

 

The next example shows the SUMMARY results for 100,000 byte pairs of constructed data.  Show Final Stats ONLY is checked so only summary counts are shown for each of the 256 possible byte values for left and right audio channels.  100,000 byte pairs  of constructed data from the LSBits means that 800,000 stereo audio samples were read from the WAV file (fmradio.wav).

 

 

TRNGwav_2

 

 

If you are interested in the C# program source (Visual Studio project) then just leave a comment and I will post it.

 

Open The Gates!

Categories Uncategorized

Leave a Reply

Your email address will not be published. Required fields are marked *