
Better security achieved with randomly generating biological encryption keys - dnetesn
https://phys.org/news/2018-12-randomly-biological-encryption-keys.html
======
mdpopescu
A pretty meaningless article. It seems that they want to generate random
numbers (to use as keys) with biological processes (instead of physical ones,
like noise generators). It would be cheaper to have minimum-wage workers throw
dice and record the results...

~~~
nickpsecurity
I agree it's pretty meaningless as cheap TRNG's are a solved problem.

Far as dice, one of my experiments in TRNG's was a shoe box full of dice.
Shake it up, dump them, put the numbers into a computer program, whiten it,
and tada. The first one used 8-sided die since each one maps cleanly to 3 bits
(2 ^ 3 = 8). The next iteration used regular, 6-sided die just discarding any
above four to map easily to 2 bits. Did something similar with a deck of cards
after thorough shuffling.

Such methods were good for producing an initial secret that I'd use with
algorithms like CPRNG's to produce the rest.

~~~
zokier
> Did something similar with a deck of cards after thorough shuffling.

I was under the impression that a shuffled card deck is more difficult to
convert to a random number, you need something like a Lehmer code. Did you
find some easy good shortcut here?

~~~
nickpsecurity
If you use 32 cards, it maps cleanly to 5-bits of entropy. You can keep the
others in there to keep shuffling randomness of 52 cards. Just ignore them
when entering numbers.

~~~
klodolph
Using 32 cards to get 5 bits of entropy only works if you are randomly
selecting a single card at a time.

If you shuffle a deck of 32 cards, you get ~117 bits, a fair bit less than the
160 bits you would get for 5 bits/card, and there's extra math.

~~~
nickpsecurity
I shuffled a full deck multiple times, no less than five, before using cards
in order ignoring any but the 32. I know shuffling all the cards adds
randomness vs just shuffling 32. I do want to know why you say two things:

1. 32 = 117 bits of entropy, not 150, after lots of shuffling.

2. It works if I randomly select a single card at a time but not in order
from a randomized deck. In order from a randomized deck should give the
entropy amount or close to it.

I'm not a probability expert. Just doing what I could with good, shuffling
skills. Good enough that people refused to play Spades with decks I shuffled.
So, I thought I had good entropy. I'm always up for improvements.

~~~
klodolph
The first card you draw can be any one of 32 cards. This gives you 5 bits of
entropy.

The second card can be any one of 31 cards, because it can't be the same as
the first card. This gives you log2 31 = ~4.95 bits of entropy.

If this argument isn’t convincing, think of it this way. If you draw two
cards, then there are 32 choose 2 cards you can draw, and 32 choose 2 is 496,
giving log2(496) = ~8.95 bits. You can draw them in two different orders,
giving 1 extra bit, total of ~9.95. If you _could_ draw a pair of the same
card, there are 32 different pairs to draw, giving (496 * 2) + 32
possibilities, which is 1024, and log2 1024 = 10. But you can't draw a pair of
the same card.

Or for another argument, consider that there are 32! different ways to shuffle
the deck with 32 cards. log2 32! = ~117.
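
[Added example, not part of any comment in this thread: a Python sketch of the Lehmer-code conversion zokier mentions, applied to the 32-card case klodolph works through. It shows that reading 5 bits per card yields 160 output bits but only 32! distinct values, while ranking the permutation and rejecting ranks >= 2^117 gives 117 unbiased bits. Function names are hypothetical, and the software shuffle is a constructed stand-in for a physical deck.]

```python
import math
import secrets

DECK_SIZE = 32  # cards kept after ignoring the rest, as in the thread

def deck_entropy_bits(n: int = DECK_SIZE) -> float:
    """log2(n!): entropy of a uniformly shuffled n-card deck."""
    return math.log2(math.factorial(n))

def lehmer_rank(order: list[int]) -> int:
    """Map a permutation of 0..n-1 to a unique integer in [0, n!)."""
    n = len(order)
    if sorted(order) != list(range(n)):
        raise ValueError("order must be a permutation of 0..n-1")
    remaining = list(range(n))
    rank = 0
    for i, card in enumerate(order):
        idx = remaining.index(card)   # Lehmer digit: unused cards below this one
        rank = rank * (n - i) + idx   # accumulate in factorial (mixed) radix
        remaining.pop(idx)
    return rank

def deck_to_bits(order: list[int]):
    """Return (value, nbits) uniform over nbits bits, or None to reshuffle."""
    nbits = math.factorial(len(order)).bit_length() - 1  # floor(log2(n!))
    rank = lehmer_rank(order)
    if rank >= 1 << nbits:            # rejection step keeps the output unbiased
        return None
    return rank, nbits

def naive_pack(order: list[int]) -> int:
    """The 'log2(n) bits per card' reading; n must be a power of two."""
    width = (len(order) - 1).bit_length()
    value = 0
    for card in order:
        value = (value << width) | card
    return value

if __name__ == "__main__":
    deck = list(range(DECK_SIZE))
    secrets.SystemRandom().shuffle(deck)  # constructed stand-in for a real shuffle
    print(f"entropy of a shuffled deck: {deck_entropy_bits():.2f} bits")
    print(f"naive packing emits {DECK_SIZE * 5} bits: {naive_pack(deck):040x}")
    print("Lehmer + rejection:", deck_to_bits(deck) or "reshuffle")
```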

------
g45y45
This is meaningless drivel. 1MB of data a second by 2020, that's utter bollocks.
1MB doesn't seem like a lot, but it's a million characters. Unlikely to be
generating that a second. 1K/sec is more realistic. Generating random keys
using cellular behavior? A webcam pointed at a lava lamp does the same thing
and cheaper (Cloudflare does this).

------
directionless
My read on the paper is that it's suggesting using this as an RNG for a
pre-shared key. I found this sentence especially striking:

> Alice and Bob, secretly, exchange their private key, X, generated using the
> spatiotemporal randomness of the T cell population.

It's always interesting to read about new RNG methods, but that seems pretty
far from a crypto system.

~~~
directionless
Paper is downloadable from
https://www.researchgate.net/publication/329423153_Biological_One-Way_Functions_for_Secure_Key_Generation

------
Nomentatus
Spinthariscope

