Why does a radio still work inside a metal box?

In summary, a commercial radio placed inside a metal tin with a tight lid may work when receiving an AM station (1 MHz) due to the frequency-dependent penetration depth of RF waves. However, it may only produce static when switched to FM (100 MHz) due to the smaller skin depth at higher frequencies. Grounding the tin may improve reception, but the use of a ferrite rod antenna may also play a role. The presence of a narrow slot around the lid's closure may allow the radio to work at MF, and the length of the slot is more important than its width. The hissy static heard may be caused by a variety of noise sources, including cosmic rays, solar wind, and RF radiation from nearby devices.
  • #71
Paul Uszak said:
How do you reconcile this thesis with the results of my experiment, whereby FM reception was totally blocked by the thin tin..?
It was not totally blocked.
The phase noise of the first LO in the cheap FM receiver was greater than its sensitivity to the RF signal available inside the tin.
 
  • #72
Baluncore, I'm not really looking for any rate. I don't need a rate. This is a recreational pursuit.

As for your other points, I think that unfortunately there are some errors. You're proceeding from a false assumption of how randomness can be extracted from an entropy source. Following my little test, my radio outputs approximately 1 Mbps of data. I was being conservative estimating I could extract 1 bit from 10. There is little relationship between bandwidth and the rate of entropy output.

I wasn't being facetious with the fish tank. Off the top of my head, you could probably extract something in the region of 50 kbs. Don't think which way the fish are pointing. Think camera.

You're least wrong in regards to the typing. This is the slow admittedly, but there is key lengthening and entropy reseeding that can help...
 
  • #73
Paul Uszak said:
Baluncore, I'm not really looking for any rate. I don't need a rate. This is a recreational pursuit.

As for your other points, I think that unfortunately there are some errors. You're proceeding from a false assumption of how randomness can be extracted from an entropy source. Following my little test, my radio outputs approximately 1 Mbps of data. I was being conservative estimating I could extract 1 bit from 10. There is little relationship between bandwidth and the rate of entropy output.

I wasn't being facetious with the fish tank. Off the top of my head, you could probably extract something in the region of 50 kbs. Don't think which way the fish are pointing. Think camera.

You're least wrong in regards to the typing. This is the slow admittedly, but there is key lengthening and entropy reseeding that can help...

I don't think he was mistaken. The entropy source is the seed (randomizer dial) for a cryptographically secure PRNG. Having a large number of randomizer dials that only have a few easily influenced settings is insecure if you (the adversary) can inject known data into the entropy pool accumulator from a known source. At high data rates you need to reseed the PRNG often so you need a large pool to generate the seed data. In total isolation the radio's noise or even the fish in a tank would work but they both can be easily influenced by external factors like a very strong signal that defeats the shielding or tapping on the tank walls to attract them in one way or another if you know it's the entropy source for the system. So if you have low quality entropy and a good secret to hash that with it can increase the confidence but then the secret and hash must both be strong cryptographically. Realistically you might get 10 kbps of noise from the radio that will have to be normalized (limited strings of ones or zeros) into a random stream of data at a lower rate of maybe a few kbps.

I've made simple entropy sources from a micro-controller's SRAM bits on powerup by storing in EEPROM what SRAM bits are stuck 0/1 and which ones are random. It's not secure but does provide a simple seed hashed with CRC16 for the PRNG library with chip demos that generate random patterns on powerup using LEDs or LCD displays.
 
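The "normalized into a random stream at a lower rate" step in the post above, as an added example that is not part of the thread: a von Neumann debiaser run over two constructed bit sources (seeded simulations standing in for sampled radio noise; all function names are hypothetical). It shows the yield loss on a biased source and the failure case when raw bits are correlated, which a bias check or a most-common-value entropy estimate does not reveal.

```python
import random
from math import log2

def biased_bits(n, p_one, rng):
    """Constructed source: independent bits, each 1 with probability p_one."""
    return [1 if rng.random() < p_one else 0 for _ in range(n)]

def sticky_bits(n, p_stay, rng):
    """Constructed source: each bit repeats the previous one with probability p_stay."""
    bits, cur = [], rng.getrandbits(1)
    for _ in range(n):
        if rng.random() >= p_stay:
            cur ^= 1
        bits.append(cur)
    return bits

def von_neumann(bits):
    """Non-overlapping pairs: 01 -> 0, 10 -> 1, 00 and 11 are discarded."""
    return [a for a, b in zip(bits[0::2], bits[1::2]) if a != b]

def ones_fraction(bits):
    return sum(bits) / len(bits)

def flip_fraction(bits):
    """Share of adjacent bits that differ; about 0.5 for independent unbiased bits."""
    return sum(x != y for x, y in zip(bits, bits[1:])) / (len(bits) - 1)

def min_entropy_per_bit(bits):
    """Most-common-value estimate, -log2(max(p0, p1)). Blind to correlation."""
    p1 = ones_fraction(bits)
    return -log2(max(p1, 1 - p1))

def report(name, raw):
    out = von_neumann(raw)
    return {
        "source": name,
        "raw_min_entropy": round(min_entropy_per_bit(raw), 3),
        "yield": round(len(out) / len(raw), 3),    # output bits per raw bit
        "out_ones": round(ones_fraction(out), 3),  # bias after debiasing
        "out_flips": round(flip_fraction(out), 3), # independence after debiasing
    }

def run(n=200_000, seed=1):
    rng = random.Random(seed)  # simulation only, not an entropy source
    return [
        report("independent, 80% ones", biased_bits(n, 0.8, rng)),
        report("sticky, 90% repeat", sticky_bits(n, 0.9, rng)),
    ]

if __name__ == "__main__":
    for row in run():
        print(row)
```

For the sticky source the output is unbiased but adjacent output bits alternate more often than chance, so the stream still needs a cryptographic conditioner and an entropy estimate that accounts for correlation.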
  • #74
Paul Uszak said:
You're proceeding from a false assumption of how randomness can be extracted from an entropy source. Following my little test, my radio outputs approximately 1 Mbps of data. I was being conservative estimating I could extract 1 bit from 10. There is little relationship between bandwidth and the rate of entropy output.
That statement demonstrates your complete rejection of the fundamental principles of the Nyquist–Shannon sampling theorem.
https://en.wikipedia.org/wiki/Nyquist–Shannon_sampling_theorem
You are not discussing physics in the real world, you are in the realm of wishful thinking and science fiction.

Edit:
See; https://en.wikipedia.org/wiki/Entropy_in_thermodynamics_and_information_theory
 
  • #75
Baluncore said:
That statement demonstrates your complete rejection of the fundamental principles of the Nyquist–Shannon sampling theorem.
https://en.wikipedia.org/wiki/Nyquist–Shannon_sampling_theorem
You are not discussing physics in the real world, you are in the realm of wishful thinking and science fiction.

Edit:
See; https://en.wikipedia.org/wiki/Entropy_in_thermodynamics_and_information_theory

He can't get 1 Mbps of data directly from the FM radio audio but he can use the low speed noise (if it's high quality) to generate a much faster or longer stream of data from a CSPRNG with a long repeating sequence that completely changes the sequence of a continuous and encrypted random datastream from small changes in the mixer logic. The trick is to be able to securely generate keystreams from the low speed entropy source by masking or hiding the underlying pattern if it's not truly random but just chaotic. A similar system was used in the fleet broadcast systems built in the 50's and used until the 80's that used several types of a noise randomizer intermixed with the true encryption stream to extend the amount of data that could be used with one key. Most of these devices were compromised in the 60's but the design was good so it only took a few simple card swaps and it was secure as ever even if they (NK) had the old machines, old key cards and understood the crypto-principles of the devices.
http://eprint.iacr.org/2014/167
 
  • #76
nsaspook said:
He can't get 1 Mbps of data directly from the FM radio audio but he can use the low speed noise (if it's high quality) to generate a much faster or longer stream of data from a CSPRNG with a long repeating sequence that completely changes the sequence of a continuous and encrypted random datastream from small changes in the mixer logic.
That is understood, but Paul Uszak has disavowed the use of a digital sequence generator.
In today's electrical environment, the Mersenne Twister is whiter than any noise from a radio or video link.
 
  • #77
nsaspook said:
Most of these devices were compromised in the 60's[.]

And there's the rub. For a one time pad to be unbreakable, the pad data must be truly random. Once non-random data shows up, it's possible to break the system.

Shannon did most of the important early work in information. Yet he also did the important early work in electronic cryptography: "Communication Theory of Secrecy Systems."

The minute you base your system on goldfish, some joker is going to come along with trained goldfish to throw a wrench in your machine.

Still, one time pads are expensive to do right and so hard to use that human users historically quickly compromise them. So secrecy is always a trade off between how badly you want to protect your data and the effort that requires.
 
  • #78
Jeff Rosenbury said:
And there's the rub. For a one time pad to be unbreakable, the pad data must be truly random. Once non-random data shows up, it's possible to break the system.

They weren't compromised mathematically, they used the old fashioned method of breaking in, killing people and stealing. The one time pads were also compromised. The systems were only compromised for the dates they stole the keying material for, not broken. The proof of that is the USSR paid traitors millions of dollars for crypto keys (that looked like old Hollerith punch cards) long after they had the machines with a complete set of theory and service manuals. The machines while classified were only at most SECRET, the keying material was treasure that everyone wanted.
https://www.nsa.gov/about/cryptologic_heritage/60th/interactive_timeline/Content/1960s/documents/19690228_Doc_3075790_Cryptographic.pdf
 
  • #79
nsaspook said:
They weren't compromised mathematically, they used the old fashioned method of breaking in, killing people and stealing.
To put it more politely, there is theoretical cryptanalysis, undertaken by mathematicians and there is practical cryptanalysis, carried out by agents.

I cannot think of a good use for random numbers generated from Johnson noise.
 
  • #80
nsaspook said:
They weren't compromised mathematically, they used the old fashioned method of breaking in, killing people and stealing. The one time pads were also compromised.

The used one time pads should have been destroyed, making their data safe. The unused ones don't have any data associated with them.

Of course that may not have happened, but that would be another human failing (on top of the spying and such).

Few systems fail mathematically.
 
  • #81
Jeff Rosenbury said:
Few systems fail mathematically.

It's usually the opposite. X system has a hidden fault that's exploited (sometimes you can't read the information directly but you can still use traffic analysis if the random noise cover can be removed on a synchronous data stream) so there's no need to try money, sex or violence (in secret) to decrypt the information as a last resort unless you just like that sort of thing.
As usual North Korea did the stupid thing by resorting to open violence that in the end netted them (including China and the USSR) very little until they had a secret supplier of keying material.
 
  • #82
Baluncore said:
I cannot think of a good use for random numbers generated from Johnson noise.

It's mainly useful in key distribution and protection that's always a problem even if the actual encryption system is secure but in theory can be used directly to create a secure key distro system.
The Kirchhoff-Law-Johnson-Noise (KLJN) protocol: http://www.ncbi.nlm.nih.gov/pmc/articles/PMC3995997/

It looks great on paper but has problems that the authors gloss over.
http://arxiv.org/abs/1402.2709
 
  • #83
Jeff Rosenbury said:
Of course that may not have happened, but that would be another human failing (on top of the spying and such).
There were occasions when blocks of German supposed "one time" Enigma settings were reissued because of laziness on the part of the generator clerks. That might not have been noticed if the Enigma was not being broken slowly at the time. It made for quick results since some settings were predictable for blocks of time.

There were occasions when Russian "one time" pads were issued again for the use with routine published data. The Russian pad making clerks did not understand the implications or expect the USA to cross correlate monitored messages against each other.

It is a common observation that codemakers always think that their secret cipher is unbreakable, or that their white noise is whiter than white. Those systems are soft targets for cryptanalysts who are selected because they assume that every cipher can be broken. Cryptanalysts pride themselves on being able to read a recipient's mail before the recipient actually receives a decode from their cipher clerk. That has happened many times throughout history.
 
  • #84
Somewhere through all this crypto stuff I got lost. (But that's easy, since I know squat about crypto.)

Baluncore said:
"I cannot think of a good use for random numbers generated from Johnson noise."

I thought Johnson noise was white and could be used for random key generation. Can you explain what I am missing?
 
  • #85
meBigGuy said:
I thought Johnson noise was white and could be used for random key generation. Can you explain what I am missing?

It can be one step in the process with a Key derivation function but on the systems I used the importance of the key was that it was unknown and unknowable by just looking at the stream generated using that key from the private randomizer. A key generator (KDF) might have several filters that eliminate a key or a sequence of keys. For example on some systems there were maintenance keys (sometimes inadvertently used on-line) that generated test patterns that were used to troubleshoot the device, keys that had been already used, keys that were possibly compromised (usually because someone lost one) or possibly a set of weak keys that were known to generate poor cryptographic keystreams. So simply because a key is 'random' doesn't mean it's a good key. I have no idea what the OP is planning to do but it's extremely unlikely that FM radio noise will be better than a simple noise source.
 
  • #86
meBigGuy said:
I thought Johnson noise was white and could be used for random key generation.
Johnson noise comes from a real source with a complex impedance. It then requires AC coupled amplification with inherent band limiting, using ageing power supplies, comparators and sampling before it becomes a bit stream.

I do not believe that the bit stream generated from Johnson Noise can be relied upon to be white or remain white. To be useful, a copy would need to be communicated and held at both ends of a data link. It is very difficult, if not impossible, to compress a random bit-stream efficiently.

I argue that a Mersenne Twister would generate a more reliable random stream. It could be seeded by something akin to tossing coins. Only the shorter seed need be communicated and held at both ends of a link.

Maybe Johnson Noise could be used to generate a short seed for a PRBS generator, but any long Johnson Noise generated bit-stream would begin to show some colour due to the electronics employed.
 
  • #88
nsaspook said:
... but is not cryptographically secure, it's easy to find the internal state.
That requires the entire internal state be exposed and accessible. Anyone can run a fully specified known generator backwards.
Where for example only a single bit from each integer is used, the state machine cannot be tracked and then predicted.
 
  • #89
Baluncore said:
That requires the entire internal state be exposed and accessible. Anyone can run a fully specified known generator backwards.
Where for example only a single bit from each integer is used, the state machine cannot be tracked and then predicted.

Yes, the difficulty with a CSPRNG is getting that state from the stream in the first place and even if you do you can't reconstruct the past stream and with entropy inputs you can't know the future state.

That makes it harder but not impossible with large amounts of data if the PRNG is leaking state badly.

One that considers using a PRNG (or only a CSPRNG) for key generation is, of course, in a state of sin
Paraphrasing John Von Neumann (as cited by Donald E. Knuth)
 
  • #90
nsaspook said:
That makes it harder but not impossible with large amounts of data if the PRNG is leaking state.
Likewise, Direct Sequence Spread Spectrum has code and chip leakage that is radiated.
Any leakage is like littering. I'm quite happy to wander along behind, picking up the key sequence as it is discarded.

Security is multidimensional. Any weakness in any dimension can implode the security of the entire system, without the user being aware.
 
  • #91
Baluncore said:
Likewise, Direct Sequence Spread Spectrum has code and chip leakage that is radiated.
Any leakage is like littering. I'm quite happy to wander along behind, picking up the key sequence as it is discarded.

Security is multidimensional. Any weakness in any dimension can implode the security of the entire system, without the user being aware.

Yes, and what's good (Mersenne twister and many others Kiss) for games and statistical or physics simulations is not good for Crypto where you have an attacker.
 
  • #92
nsaspook said:
It's usually the opposite. X system has a hidden fault that's exploited (sometimes you can't read the information directly but you can still use traffic analysis if the random noise cover can be removed on a synchronous data stream) so there's no need to try money, sex or violence (in secret) to decrypt the information as a last resort unless you just like that sort of thing.
As usual North Korea did the stupid thing by resorting to open violence that in the end netted them (including China and the USSR) very little until they had a secret supplier of keying material.
Perhaps I should have said, purely mathematically.

I was thinking of side channel attacks, often involving some engineer/operator making a mistake. A recent example was the flaw in browser security where someone found a way to force browsers to use a less secure legacy encryption system. While I suppose that could be looked at as a mathematical failure of the system, it didn't make the system useless in a mathematical sense, but it did require a software update.

Another example is the Advanced Encryption System's vulnerability to power systems attacks. It seems that someone with a good scope can look at the CPU's power usage while the CPU is encrypting/decrypting and read the key in the waveform. Again, it's somewhat mathematical, but doesn't invalidate the conceptual system. (Though fixing that problem isn't trivial.)

So even with a strong mathematical system, implementation is often weak.

Smart people are needed throughout the development lifecycle. And when someone smarter comes along...
 
  • #93
Jeff Rosenbury said:
Smart people are needed throughout the development lifecycle. And when someone smarter comes along...

and they get hired by XXX.
https://p.gr-assets.com/540x540/fit/hostedimages/1389217464/8006750.jpg
 
  • #94
meBigGuy said:
I thought Johnson noise was white and could be used for random key generation. Can you explain what I am missing?

If it's a little 'off WHITE' that's still good as the process turns RED into BLACK.:-p Red/black

http://fas.org/irp/program/security/blacker.htm
 
  • #95
Here is something to think about. As radio frequencies get higher they act more like light and are absorbed or reflected. In Ham radio, repeaters are set on high towers or mountains because line of sight communication is only possible at 147 MHz and above under normal conditions. Try holding a cookie sheet close to your radio between your radio and the transmitting station. You may get nearly the same result as you do inside the tin. Leakage of the tin may not be the problem. Also AM radio stations put out a much stronger signal, in the thousands of watts and most FM stations are less than 1000 watts. If you can you may want to try your test close to an FM station and see what the result is.
 
  • #96
Baluncore said:
That statement demonstrates your complete rejection of the fundamental principles of the Nyquist–Shannon sampling theorem.
https://en.wikipedia.org/wiki/Nyquist–Shannon_sampling_theorem
You are not discussing physics in the real world, you are in the realm of wishful thinking and science fiction.

Edit:
See; https://en.wikipedia.org/wiki/Entropy_in_thermodynamics_and_information_theory
I think that this is a good point, and I've broken it out somewhat into another thread: https://www.physicsforums.com/threads/can-pocket-fm-radio-output-at-50khz.819734/

Depending on how that one goes, I think that I might just be discussing physics in the real world, it's just that I think you've misunderstood the conditions under which the Nyquist–Shannon sampling theorem applies. Figure 1 of your wiki rebuttal captures it in a nutshell. The sampling rate (therefore the information content) is dependent on sampling a source which has a limited Fourier transform. The bandwidth may be broader than you've stated.
 
  • #97
nsaspook said:
So if you have low quality entropy and a good secret to hash that with it can increase the confidence

This is a common fallacy that people have fallen for.

Fly by night companies are always saying they have a super dooper security algorithm, but they won't tell you how it works or publish the source code. For "Security" they say. Security through obscurity is no security at all. All the cryptographic algorithms in mainstream use are entirely in the public domain. They rely on the inherent mathematical principles they are based upon, not any "clever" secret. My extraction code is free for anyone to inspect. The more people inspect it, the more people will trust it and develop confidence in the final product. Trust does not equal secrecy. Rather the opposite. Think your Government.

The quality of an entropy source is irrelevant to the quality of the final random output. It just means that weak entropy sources produce truly random numbers at a slower rate than strong sources. That's why radio noise and fish work as strong random number generators :kiss: (End on picture of a fish, not a kiss.)
 
  • #98
Paul Uszak said:
This is a common fallacy that people have fallen for.

Fly by night companies are always saying they have a super dooper security algorithm, but they won't tell you how it works or publish the source code. For "Security" they say. Security through obscurity is no security at all. All the cryptographic algorithms in mainstream use are entirely in the public domain. They rely on the inherent mathematical principles they are based upon, not any "clever" secret. My extraction code is free for anyone to inspect. The more people inspect it, the more people will trust it and develop confidence in the final product. Trust does not equal secrecy. Rather the opposite. Think your Government.

I mainly agree, we always assumed the USSR had serial #1 of any new device we used. Obscurity of principle doesn't provide security unless that obscurity is protected by force as a part of the key. Fly by night companies can't kill you or lock you up for long periods of time but Governments can. An important aspect of obscurity (in the right place and done right) is not that it provides ultimate security but how it can increase the 'effort' to possibly decode in a timely fashion when it's possible the system can be compromised in some way. Most critical information is time sensitive so if you can increase the decode time from a day to a week by secretly swapping cards by trusted personnel to force a reanalysis of the system, that's a win if you understand the capabilities of the attacker in a tactical situation.
 
  • #99
"Remember, the Enemy also listens".

"To transmit is tantamount to Treason".
 
  • #100
Paul Uszak said:
How do you reconcile this thesis with the results of my experiment, whereby FM reception was totally blocked by the thin tin..?
Please try grounding the can to the ground on the radio.
 
