navigation

Secure entropy? Your entropy.

Click ↖ to refresh
About this ↗

A nasty chap once said “You have nothing to fear if you have nothing to hide.” But in reality we all have something to hide, don’t we? Our privacy. And that hiding process begins with entropy. And it had better be really really random entropy. Public leaks have revealed that what once might have been considered truly random, ain’t necessarily so. Either by conspiracy or cock-up, true random number generators (TRNGs) may not be outputting entirely secure nor Kolmogorov random entropy.

This creates the following trust dilemma for everyone:-

The TRNG dilemma: Are commercial true random number generators really random given the stakes and circumstances?

The TRNG dilemma.

  • Your objective: To keep your secrets and privacy safe using high quality one time pads (OTPs), strong cryptographic keys and initialization vectors (IVs). These will all be derived from Kolmogorov random entropy, on an information theoretic basis .

  • The problem: You can’t be 100% certain that entropy generated by any commercial TRNG is totally unpredictable. A), Computational indistinguishability means that it is mathematically improbable to distinguish a truly random sequence from a predictable (by someone) pseudo random sequence. And B), you typically can’t inspect nor audit the internal device/firmware .

  • Our solution: Build your own! Following three golden rules, we’ll show how you can make simple entropy sources using commonly available components like Zener diodes and cameras. Such as that which makes the live chart at the top ↑ of this page. These can then be the foundations of your own TRNGs, which you can rely on to not have been compromised by governments/agencies. Or to avoid being an unknowing victim of a cock-up. It’s quite easy .

We all remember what befell the Philistines when they tried to fight David and the Israelites (1 Samuel 17). It was a stark demonstration of unabridged arrogance versus the power of faith. The modern day warfare, cryptography focused remake would look like this:-

A modern day warfare, cryptographic David & Goliath. This time featuring a contest between your own simple entropy source and an Abrams tank.

A modern day warfare, cryptographic David & Goliath.


What comes out of that small green screw connector can sometimes be just as powerful as that from a 120mm smoothbore. Have faith, and bask in the sure knowledge that even sabot rounds cannot penetrate a genuine OTP, drawn from your own trusted TRNG. And it’s entropy source can be built from just four simple components sat on a 9V battery.


What does ↘ mean?
Britain's GCHQ signals intelligence agency logo discombobulated and melted. Germany's BND signals intelligence agency logo broken. USA's NSA signals intelligence agency logo broken. Israel's Mossad signals intelligence agency logo broken. France's DGSE signals intelligence agency logo broken. Australia's ASD signals intelligence agency logo discombobulated. Canada's CSE signals intelligence agency logo broken. New Zealand's GCSB signals intelligence agency logo broken.