I am going to build a true random number generator ...

[DeathAndTaxes]

Bitcoin relies on random numbers for keys and signatures.  Clients may also rely on them for encryption (salt), and seed generation (HD wallets).

Proving a PRNG is secure is a very difficult task and is impossible when the operating system is not built from source.  Quantum mechanics are non-deterministic and thus provide an alternative method of generating randomness.

I just need to wait for a missing component to arrive.

(Stupid broken image proxy - direct link http://i.minus.com/ibzPEHrUJ3pByt.jpg )
Bonus points if you can figure out what it is without using google.

[OnkelPaul]

My guess is it's a Geiger counter (I swear I did not check Google or anything else)...

Onkel Paul

[FrozenBit]

 Good luck, that kind of entropy will be hard to create by machine.

[bananaControl]

Bonus points if you can figure out what it is without using google.

Some kind of radioactive source maybe?

[murraypaul]

An example going back to 1957: http://en.wikipedia.org/wiki/ERNIE#ERNIE

[DeathAndTaxes]

Good luck, that kind of entropy will be hard to create by machine.

The entropy isn't created by a machine it is a created by the environment.  The circuit would just record entropy which already exists.

[Nagle]

Proving a PRNG is secure is a very difficult task and is impossible when the operating system is not built from source.  Quantum mechanics are non-deterministic and thus provide an alternative method of generating randomness.

Of course. Are you using a noise diode or a radiation source?

[iraszl]

Nice project! Is this the first time anyone had this idea?

[DeathAndTaxes]

An example going back to 1957: http://en.wikipedia.org/wiki/ERNIE#ERNIE

True they certainly aren't "new" however the availability of low cost micro controllers, design tools, and open source hardware means it is more economical to be done by a hobbyist.

[murraypaul]

Nice project! Is this the first time anyone had this idea?

Ernie 1-4 have been running monthly premium bond draws for 57 years, so not quite, no

[OnkelPaul]

Heh - almost right. Of course it's not the counter circuitry, just the detector tube...
Might be not so suitable after all - for really low radiation, the number of random bits per time unit might be too small, and for stronger radiation, I think they might have some saturation or dead time effect which prevents them to detect events that are too close together in time. But I may be wrong, this is all from very dim memory.
Commercial sources of randomness use thermal or quantum noise generated by semiconductor diodes as far as I know, those are much smaller and less fickle.
But as a fun project, this tube might be just the right thing...

Onkel Paul

[cbeast]

My guess is it's a Geiger counter (I swear I did not check Google or anything else)...

Onkel Paul

That's what I would guess, or a tesla coil.

[mufa23]

Had to google it. My coworkers and I couldn't figure it out.

[DeathAndTaxes]

Proving a PRNG is secure is a very difficult task and is impossible when the operating system is not built from source.  Quantum mechanics are non-deterministic and thus provide an alternative method of generating randomness.

Of course. Are you using a noise diode or a radiation source?

Radiation source.  I am planning on using Americium (Am-241) for safety reasons (reasonably available and an alpha emitter).

[SgtSpike]

I always thought that a microphone could work just as effectively for randomness.  Put a mic outside, record for 10 seconds, take the hash of that, viola!  Or just a straight sampling of it, like 10 bits, although the effective randomness would be less bits than that.

[bananaControl]

I always thought that a microphone could work just as effectively for randomness.  Put a mic outside, record for 10 seconds, take the hash of that, viola!  Or just a straight sampling of it, like 10 bits, although the effective randomness would be less bits than that.

Or a radio. Record some random noise, and bingo, random numbers 

[DeathAndTaxes]

Heh - almost right. Of course it's not the counter circuitry, just the detector tube...
Might be not so suitable after all - for really low radiation, the number of random bits per time unit might be too small, and for stronger radiation, I think they might have some saturation or dead time effect which prevents them to detect events that are too close together in time. But I may be wrong, this is all from very dim memory.
Commercial sources of randomness use thermal or quantum noise generated by semiconductor diodes as far as I know, those are much smaller and less fickle.
But as a fun project, this tube might be just the right thing...

Onkel Paul

Output will be low.  1000 bps would be optimistic, first version might be significantly lower than that.  The tube I picked is a great alpha detector.  Alpha particles are block even by a sheet of paper so it becomes possible to use a source with higher activity without presenting a safety risk. 

Still even low output can be useful if the results are cached.  Lets say only 100 bps.  That over one million bytes per day.  Enough to generate 4200 private keys.   Of course things like a strong HD wallet seed (to produce an infinite number of keys) is probably a better use of those "scarce" bits.

[mufa23]

I always thought that a microphone could work just as effectively for randomness.  Put a mic outside, record for 10 seconds, take the hash of that, viola!  Or just a straight sampling of it, like 10 bits, although the effective randomness would be less bits than that.

thats a neat idea. I'd assume the codec and/or file extension might not make it too random though

[franky1]

using radiation is risky.. it has a known half-life which a mathematician could possibly abuse to work out the base number used to then create randomness..

the best bet is to take several different events not linked at all and combine them

[DeathAndTaxes]

I always thought that a microphone could work just as effectively for randomness.  Put a mic outside, record for 10 seconds, take the hash of that, viola!  Or just a straight sampling of it, like 10 bits, although the effective randomness would be less bits than that.

Or a radio. Record some random noise, and bingo, random numbers  

That is what RANDOM.org uses.  All hardware RNGs can be categorized as either devices which sample a chaotic system (like radio noise) or devices which observe a quantum effect.  The chaotic systems are secure because while in theory radio noise is deterministic, at the current time simulations that large and complex are beyond our computing abilities.  Quantum observations are (at least based on our understanding of the universe) truly random in that we can not predict or explain why they occur.

One thing to watch out for in chaotic systems would be a periodic or oscillating signal.   Imagine a scenario where somewhere nearby there is a component (possibly defective) which is putting out a strong pulse at a specific interval which is picked up by the listening device.  This would result in your random numbers not being uniformly distributed.  Kind of like rolling some dice for random numbers but they are loaded and the six comes up more frequently than other numbers.