
RTL-entropy: Uses RTL-SDR to turn a DVB-T dongle into an entropy source - liotier
https://github.com/pwarren/rtl-entropy
======
tomswartz07
I think what's so attractive about the RTL-SDR devices is that they're so
cheap and have such a huge variety of applications.

With a $10 dongle, you can go from tracking airplanes, to reading your
wireless electric meter, to listening to local amateur radio, and then to an
additional entropy source.

I double I'll ever get tired of playing with this little radio.

------
nimbius
one of the dangers of the RTL entropy source project is not that it is
predictable, but that it can be made to become predictable. By determining the
frequency the device is listening on, you could inject a signal over the air
that causes the entropy to conform to a known pattern. Even Lavarand users
blend their entropy sources.

Ive used the RTL as a blended entropy source for my kubernetes pi cluster
project, but blended it with signal data from the open source FST-01 from the
flying stone project. this in turn gets randomly audited by dieharder.
[http://webhome.phy.duke.edu/~rgb/General/dieharder.php](http://webhome.phy.duke.edu/~rgb/General/dieharder.php)

My RTL entropy generator changes frequencies every 6 hours to a frequency
determined by a script referencing /dev/urandom.

~~~
amelius
From the readme:

> If you're serious about the cryptographic security of your entropy source,
> you should probably short, or put a 75 Ohm load on the antenna port, and put
> the whole assembly in a shielded box. Then you're getting entropy from the
> thermal noise of the amplifiers which is much harder to interfere with than
> atmospheric radio.

~~~
muxator
And thermal noise is - almost by definition - the best source of white noise
you can get in this world...

------
kkielhofner
My company sponsored some enhancements to this project several years ago and I
blogged about it back then (without much interest).

I still think it's a great effort but as others have pointed out here it
shouldn't be your only source of entropy and I'd feel a lot better about it if
it were properly reviewed/hammered on.

Still, it's really cool to randomly see the project front page on HN years
later!

------
Tomte
Nice project, but obviously: don't rely (solely) on this entropy.

There are all kinds of conceivable failure modes that software cannot detect,
let alone handle.

Statistic tests are good, but only of limited use.

~~~
bloopernova
Do you have any recommendations for other, high quality, sources of entropy?

~~~
lathiat
In most cases you can use the Intel CPU included RNG by installed rng-tools to
feed it into the kernel entropy pool

Otherwise I’d be happier using a similarly priced USB tool that is at least
designed for the job such as the ChaosKey which is also open hardware and
firmware and has a Linux driver in tree

~~~
paulie_a
With all the issues with Intel, I would be weary of trusting their
implementation.

~~~
jnbiche
It's "wary". The word "weary" means tired.

Edit: Just curious: are people downvoting because they disagree with my
proposed spelling, or because they don't like the correction? Please let me
know so I can integrate this knowledge into future comments.

------
VMG
Is it better than a webcam image piped through sha256?

~~~
IgorPartola
No? Yes? Neither? Both?

I've seen enough of these discussions to be able to parrot back to you some of
the usual responses. Basically, say that you point your webcam at a perfectly
black sheet (0x000000 in color). Will you get any actual entropy from this?
No.

Now say you point your webcam at the night sky. On a clear night, I will more
or less know what your camera is looking at, and will be able to to narrow
down the huge field of possible values presented by sha256 to a much smaller
set of possibilities. Knowing when you generated your private key and your
method of getting entropy, I will be able to crack your key much easier
(doesn't mean easy, just many orders of magnitude easier).

Now, say you point your webcam at a lava lamp, or the display showing
characteristics of some quantum process, or something else provably random.
Here I can't really tell wtf your camera is looking at. I can of course go and
slide that black sheet in front of your camera for a bit. Or stand in front of
it. But if you physically secure your camera, then yeah you are doing
something right (though of course not everything, as it's quite possible that
something in your algorithm is in fact reducing your possible output to only
some subset of possible values produced by sha256).

It's the same thing with radio. If you tune it to a signal that's producing a
sine wave with a stable frequency... I know exactly what your input is. If you
tune it to something like the BBC, I know exactly what your input is, even
with some noise. If you tune it to something really random, can I just put a
very strong transmitter near your receiver and overwhelm the spectrum such
that you are listening to only my signal? And the best part is that you won't
know that this is happening even more than with a webcam.

Personally, I wouldn't really want to trust these devices. They are fun. but
they aren't practical for this purpose. Where you need real entropy is a data
center. And a data center won't be receiving too much radio.

Again, parroting every other thread about this, a reverse biased transistor
will give you true quantum randomness which is very cheap, very easy to
produce, and is difficult to temper with at a distance without disrupting the
rest of your equipment too.

Again, you don't need as much entropy as you think. Your kernel will seed a
CSPRNG with a tiny bit of entropy, which is enough to keep you safe for eons
after that. You can't "run out" of entropy with that scheme. The biggest issue
is to initialize the random number generator with true entropy before you
start using it, which is only difficult if you are running virtual machines
and the host doesn't provide entropy to it. I believe at least in some schemes
the seed used is based on time or some such predictable factor, which doesn't
help.

~~~
tjoff
How will you be able to reduce the field of possible values presented by
sha256 if you approximately know the source image? There is still noise in the
image and several orders of magnitude more data. You assume that brute forcing
similar images and hashing the result would be easier than just brute forcing
the sha256.

~~~
IgorPartola
That's exactly what I assume. If I know 90% of the image, but need to brute
force 10%, I just reduce the possible field of values by an order of
magnitude. The better I know what the image was to begin with, the easier it
gets. That's exactly why poor RNGs are bad: I can brute force the value by
knowing your method + approximately your input.

And if I can affect the image in a way that makes it even more predictable
(black sheet over the camera, bright white light into the camera), it gets
even easier.

~~~
silotis
Doing a little back-of-the-envelope math, a 1080p image has a total of
1920x1080x3 = 6,220,800 subpixels. That means each subpixel needs to have less
than 0.00004 bits of entropy for there to be less than 256 bits in a single
image. Surely a typical consumer CCD will introduce more noise than that. A
potential catch is that the noise is likely correlated to a degree. Still,
it's not clear that even a webcam pointed at a black sheet of paper is
insufficient as a source of entropy.

------
jlgaddis
This is an interesting project and I've played with it in the past.

Note, however, you should not use this for any real purpose. I saw a video on
Youtube a while back of the author presenting this (at a LUG meeting or some
such) and even he warns against using it for any real purpose.

So play around with it, hack on it, etc., but do not, by any means,
incorporate this into any process that requires actual entropy for
cryptographic purposes.

~~~
SlowBro
Why not?

~~~
IntelMiner
Speculation:

A digital TV signal is a lot more repeatable than an analog one. A digital
signal doesn't have the "TV static" effect of an analog signal that may
introduce different entropy between two devices pulling the same signal in
different locations

~~~
jamesmcnalley
I'm not sure I agree that a digital TV signal has more repetition than analog.
It is possible, but worth investigating.

That said, although the DVB-T dongles were intended for digital TV use, the
typical demodulators (such as [http://www.amateur-radio-
wiki.net/index.php?title=RTL2832](http://www.amateur-radio-
wiki.net/index.php?title=RTL2832)) have an extremely wide frequency range and
can be repurposed all over that range.

Absolutely use extreme caution when adopting a new source of entropy.

------
JoeDaDude
Von Neumann debiasing is well known, but I was unable to find a reference for
Kaminsky debiasing . Can anyone point me to a description of what that is?

~~~
eythian
This might help:
[https://www.finnie.org/2012/08/14/twuewand-2-0-released/](https://www.finnie.org/2012/08/14/twuewand-2-0-released/)

------
2aa07e2
I have used youtube-dl with video_entropyd on a newly created DO server. Could
be a nice alternative for anyone who hasn't physical access to their server to
install such a dongle.

------
pishpash
Putting it in a box (what they suggest as an alternative) is better, and you
don't need the RTL for that. The whole point is to take as local a measurement
as you can.

------
mitchellberry
Would be interesting to see this run through some statistical batteries.
DieHarder and TestU01 still seem to be the gold standards.

------
bdz
I use mine to track airplanes. Much more fun.

~~~
mlamat
I did the same thing, but then realised it's pointless when you have
flightradar24.com ...

~~~
bdz
Some of the military and cargo planes are not showing up on Flightradar yet
you can track them on your own.

