Brent Saner on 1 Oct 2007 06:18:03 -0000 |
has anyone used this method before? just saw it in the comments on a slashdot article. "128 bits. Roll one 8-sided die 51 times (discarding the least-significant bit of the last roll). To speed up the process, get one of those clear boxes they use to make sure people take the right number of pills per day. Get one with more than 22 boxes. (4 times a day for a week = 28, fairly common) Put dice in boxes. Put a sheet of something solid on the door side. Shake. Invert. voila, random byte strings. w/ 28 boxes you have 84 random bits. Repeat twice for your 152 bit key, dropping the last 16 bits. chessex.com has a variety of dice - you can can order single d8s for .50c.
I'm fairly certain you could find cheaper prices. I estimate the total
cost of this hardware randomizer at $20 if done on the cheap. Someone will probably complain about the non-cryptographic quality randomness of this process. But you only need cryptographic quality randomness when you're going to use it very repeatedly and someone can attack the similarity between them. Since the nonrandomness isn't known to anyone outside and you probably aren't generating a massive number of keys you're fairly safe. To increase security, buy dice from multiple manufacturers and occasionally switch around the lots. (every 4 d8 values converts to 3 hex values. If you're converting by hand, you could alternately use a pair of dice for a hex value, generating only 56 bits per shake but only needing a table of 16 values to convert by hand to hex. You could also use 4 sided dice for this equally well, since you're only using 4 bits per pair.)" i always am fascinated when the line between algorithms/keygen and wetware input blurs. -- Brent Saner 215.264.0112(cell) 215.362.7696(residence) http://www.thenotebookarmy.org ___________________________________________________________________________ Philadelphia Linux Users Group -- http://www.phillylinux.org Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug
|
|