Topic: How can you verify the randomness that's coming from a hardware? (Read 1581 times)

i'm not trying to get you into an argument again. but it is not untested since i've tested it. it may or may not have bias but it has significantly more entropy than 256 bits in the first place. so a little bias probably won't do any harm. it is not insecure. remember, i am doing it. you're not doing it. so you don't understand it. you just think you do. your philosophy is somewhat understandable but it does tend to seem to stand in the way of doing something that maybe no one has ever done before. i'd rather do something like that then try and invent a wheel that already existed. i didn't invent everything but i'm putting the pieces of the puzzle together. and that's pretty cool. now i have to get back to my python program that seems to have a bug in it since my generated private key seems a bit too large.  


ok cool.

I found it too expensive, as well - it was just an example of a fully open-source hardware device.
And nobody even cloned it yet, even though it costs $299 and should be relatively cheap to reproduce!

Manchester encoding?

When in doubt, you could of course apply the system where BW means B, WB means W, and BB or WW means ignore, but that means you'll have to eat at least 3 times more candy.

I'm not going to get in to this argument again, but I cannot fathom why you are so hell bent on using untested, biased, and insecure methods of generating entropy when everyone is repeatedly telling you it is a bad idea.

Any string you generate by manually picking 0s and 1s. It might be safe enough that your coins aren't stolen, but it will not have 256 bits of entropy and it will definitely be less safe than a properly generated string.

I'd seen it before but i didn't appreciate all that it has to offer at the time. Now i can appreciate it more fully since there's not alot of comparable devices out there. plus the price seems very reasonable. even though i wish it was easier to get as in a domestic shipper inside the usa. apparently it would come from china so overseas shipping. not sure how much that is or how long it takes. but from my experience on ebay, things from china can come pretty fast. for small stuff. maybe you can do a review for us on this thing once you get it.  

you did an AMAZING job with the review but $299 is way outside of what I consider reasonable no matter how many features it has. it would have to be able to mine bitcoin at a profit to make me even consider it.


 a handheld device that costs almost $600. i guess it has its use cases but not for any average crypto user it doesnt.


Well that's why I don't rely on that method but anyhow, I got my bingo machine thing working. That, along with maybe dice and flipping a coin is all i ever need.

can you give me an example of such a string that would not be safe that no one has ever generated before? you might be suprised that it's not as easy as you think. but give it a try. i'll be the judge.  

That looks very good, indeed! I wasn't aware of it; might even pick one up (even though I don't need a secure RNG right now).

It might be easier to make money off a closed source product in the current market, where most things are closed, too.

Fortunately, open source licenses have this clause that usually requires derivatives to be open, as well. This means if you want to use Trezor's tried and tested, ancient Bitcoin crypto library, your product (firmware at least) must be open-source too, allowing Trezor and anyone else to profit from your additions and innovations, to then further innovate themselves.

If you've never heard of Foundation Devices, you may be interested in my review of their first device; review for the latest generation is going to be posted very very soon, as well in the Hardware Wallet section.

I'd like to also mention https://betrusted.io/; they built the fully open-source Precursor so far.
Completely open-source to the very last detail.

Your brain won't select those 0s and 1s fully at random. It will unknowingly introduce patterns that decrease the entropy, i.e. how random your randomness really is.

You can significantly improve Loyce's system by counting and verifying an equal number of both colors (adjusting if necessary). You should also put the candies back into the bag after randomly drawing them and writing down B / W.

Yeah. From the looks of it, whites appear to outnumber blacks significantly - so it wouldn't be an effective entropy source at all.  
I do agree with the "less boring" part, though.

I am making analogies, not literal comparisons, which you seem to be misunderstanding.

The point of these analogies is that human behavior is not random. You might think you are being random, but you aren't. Not truly. This has been studied and proven.

Which makes thing even less random. Now you are thinking "I know that statistically I "should" have a run of 5 of the same at some point. I've not done that yet, so lets put that in now. Ok. Now we'll do a few much shorter runs of just 1 or 2 the same, because you probably wouldn't have 5 the same immediately followed by another 5 the same. Ok. What next?" And so on and so forth. This is not random. Not even close to it.

Another analogy. I'm simply saying that although you might generate a unique string that no one has generated before, it doesn't mean that string is safe or secure.

The final collective result of the behavior of a group of distinct and disconnected individuals is in no way comparable to a single person picking 0s and 1s.

But of course there probably isn't an even number of blacks and whites in the bag, and with each one you eat you reduce the odds of that color appearing again. So overall a bad system.

If you generate enough random 14-character sequences, you'll find it eventually

These sources says 3 or 7. The interesting part is they're both prime numbers. Reddit shows 7 as a clear winner (28%).

While eating Zwartwitjes with the kids, I thought of a way to create random numbers:

Get one, write down a B or a W, eat it, get the next one. Repeat until nauseous. It's much faster than flipping a coin, and less boring

it's not like a book where you just take out some sentence from it and hash it. just waiting to be discovered.


Asking someone to pick a random number between 1 and 115792089237316195423570985008687907852837564279074904382605163141518161494337 is different than telling them to pick a number in that range that no one else would ever guess. Or be able to find. And if they did, they would lose all their money. They're going to think a bit about it before just blurting out "777777777777777777777777777777".

They are certainly less likely than HH or TT but the thing is, in some random bitcoin private key you're going to see 00000 and 11111 you might even see larger length repeats. So think about that. 000 and 111 will happen alot.

Example (I dont know how this bitcoin private key was generated but I'm sure it was probably done using software, as most of them are):

1011100000111010000010110010011011011000111110111100001001100011101000011110011010101000001111111110101101110100111100110011010101001000011010000110100001011011110101010010000100 1100000101100110000100100111000110100010010111110111011010111011010001001100

So obviously one needs to understand a little about what is the norm. Then go from there.

But there's a difference. your unique string has been published so that anyone in the world can get a copy of it. mine wouldn't have since I just generated it out of my head.


If humans did not behave randomly (and unpredictably) then the stock market would be a science. Even with bitcoin, no one knows what the price is going to do. Why is that? because we don't know what people are going to do. their behavior is random. completely random. some of them buy, some sell. the overall result of that is anyone's guess.

Well I wouldn't be able to tell you "why". There is no justification of why. it is just what I wanted it to be. At the particular moment in time. Just like all the  remaining 255 bits. There doesn't have to be a reason why. There is no way to say why. With that said, I have actually done this procedure of writing down a private key but in hex not binary. I would be confident enough to use it. Enough said.

Because, humans aren't random number generators. What is randomness? Complete lack of determinism. If something can be accurately predicted, it's not random. A cryptographically secure random number generator comes with more unknown variables to predict, in comparison with a human brain.

Begin writing. What's the first binary value, and why? You might think there isn't a reason you chose 0 (e.g.) but there is quite likely a reason you don't know.

Maybe not, but that doesn't mean the string you produce will be random. Studies have consistently and repeatedly shown that humans are bad at both generating and perceiving randomness. If you say to pick a number between 1 and 10, 7 is by far the most common. If you say to write down a random series of coin flips (which is the same as writing down a binary number), we consistently avoid runs of the same result (HHH/TTT/111/000) since these are perceived as being "less likely".

A unique string is not necessarily a random string, nor is a unique string necessarily a secure string. I could generate a brain wallet using the first line of text from a Shakespearean play which had never been used before. My brain wallet might be unique, but any coins I deposit on it would likely be stolen.

Well, to be fair, I was talking about legitimate usb devices. Unlike say the flash drive market where fakes are all over the place I don't think that's the case for this type of device and the reason is simple. The market is small.



then why not get the onerng. https://onerng.info/ you got something against it? seem like it checks off all your boxes. i doubt anything else comes close.

never heard of foundation devices before you mentioned them. but i'd say these are the exception rather than the rule. then you have to ask yourself, why.


why would it be "extremely difficult"? give me a pen and paper, i'll write down a string of 1s and 0s of length 256. i bet no one ever came up with that private key before.

Referring to the OP and writing from a smidgen of mathematics knowledge:
In here, talking about random, usually means a private key, 256 random bits.  Now think of them as a pattern.  a 256 bit long pattern.

Some, even many, patterns can be proven to not be random.  For example, if the bits make up the ASCII sequence "this is random" it definitely is not random.
But, it is almost impossible to prove randomness.  There may always be one more way to look at the number to find it not random.

So: As has been said, you must understand the hardware and software used to produce the number.  A difficult task.  Many have written words to the effect:  Don't try to generate a random number on your own.  It is extremely difficult.  When your number is not random, you won't know it until your coins are gone.

When ordering from Amazon, there is a lot of trash to be honest. It's possible that you get a device that just uses a rand() C function on a microcontroller or something.
Worst-case even just spitting out numbers deterministically and not uniformly random.

That's why I'd prefer to buy a device with open-source hardware.

You'd pay for the convenience of not spending hours on a new project and probably having to debug it as well.
Trezor and Foundation Devices have shown that open-source hardware is possible without your business going down due to the bad bad DIY scene.

See my comment above.

Been running rng on my bitcoin hacking racks for +2 years now, works great

Increased my find of lost bitcoins 2x by using real random numbers and random seeds

https://github.com/room101-dev/Grand-Ultimate-BTC-Hacker

ONERNG I paid $40 usd ebay from czech, but two years ago, but like people here are showing you can roll your own, but unless your an electronic genius, I would spend the $40, and I'm an hw/sw scientist, so $40 is nothing

---

In general I would always generate my own keys and NEVER use 3rd party sw, its just too easy on linux on one command line to generate a real good key that your certain that nobody on earth knows other than you.

But, HW random number generators have better uses than generating private keys for new wallets, the best use is as seed generators for finding ( hacking ) lost bitcoins

There are 300M used bitcoin addresses,  you put them into a 8gb bloom filter and on a GPU card you can do 1 billion cycles per second,, so that 8* 10**18 , so you want to make sure your seed is really random while on the hunt; now that is a use for hw random generators such as these devices

I'm fond of RNGONE from czech found on ebay and/or amazon back pre-CONVID

https://github.com/room101-dev/Grand-Ultimate-BTC-Hacker

[moderator's note: consecutive posts merged]

yeah that one is tiny but i'm sure if I tried to build something like that it's going to be way bigger. think breadboard size. because that's how you would have to get started is by breadboarding it up and seeing if what you constructed works and then once that passes muster, you can solder everything up. gonna be the size of 2.5 inch ssd most likely before you over and done with it. nothing wrong with that though i guess. bonus points if i dont have to actually understand how the thing works to build it...



I would imagine all such usb devices use that technology in some way. They're definitely not sampling radioactive decay or something right?

Because they want to be a bit cryptic about how exactly their device works. They don't want people to build one themself necessarily.

yeah there's no way that's happening with something like TrueRNG.

They don't want you doing that. No one want someone doing that to their product? The reason is simple. if you could do that, you could just build the thing yourself. and don't need to buy it from THEM.

Plus, presumably they've put in some R and D on the thing with some tweaks to make it better than the old off the shelf github circuit to give their product a competitive advantage in the marketplace.

I don't know of any temperature sensor driver that exposes the temperature in fractions of a degree.

That is to say, one degree is usually the highest granularity you'll get with tools like lm-sensors and HWinfo/CPU-Z.

if $6 chip claims it has this resolution means there's one that really has.


this thing wraps back and forth like 8bit uint . it will do so with and without this gradually thing. it sould not have impact here but i can't say for sure without research

It's not that easy to understand from just a PCB picture, but combining it with the schematic, it gets a lot simpler. A true open-source-hardware device provides all of those files, just like here:
https://github.com/Foundation-Devices/passport-electronics/blob/master/Main%20Board/Documentation/Schematic%20Print/SCH_FD-JL-PCB-MB_E1.PDF

Well, the zener is the core component, but you need a driver and sampling circuit around it. Did you count the components or the pads? I count roundabout 20 components (~40 pads). The design by betrusted.io even manages to work with 14 components; look how tiny it is.

That just confirms that this is a good circuit. I just wasn't aware that they're sold under the simple term 'TRNG', as I couldn't find anything when looking for 'avalanche noise circuit PCB'.
It would be good if these devices came with schematics and board files to verify the circuit more easily.
(1) Compare product to PCB files
(2) Compare PCB files to schematics
(3) Check schematics to understand what the circuit does and verify that it's what you want it to do

---

I believe the biggest issue with temperature is that it typically increases / decreases gradually; the sequence of numbers coming from the sensor is going to have some inherent bias because of this.