Re: Electronic RNG not enough secure for OTP?

cryptic99@xxxxxxxxx writes:

Hello!

I have question about generating random numbers for OTP or Diceware.
What's the weak point in generating random numbers using electronic
devices?
Let's say we have something similiar to a simple electronic dice but
it's used to generate numbers/letters. Such devices have an electronic
counter that chooses every letter/number one after another very fast.
Let's say it counts 100 times from 0 to 9 in one second. User stops the
counter by pushing a button and reads the number. So what is wrong with
this method? Maybe it's not theoretically ideal but it's better than
typing "randomly" on keyboard-and such method was sufficient to make
messages from Soviet spies secure.
Well, it wasn't. The biases in that technique helped in decyphering the
messages.
Your first one is in fact how some of the random number generators do
generate "random numbers.-- use the timer on the computer ( which is just a
regirster which counts) and use it to time the time between keystrokes, and
use just the bits that you are sure will change between such keypresses.


So I think it would be sufficient in
*practice* to generate OTP? I don't see any possibility to find any
pattern in numbers generated that way, coul somebody correct me if I'm
wrong?Once again, I'm asking about *practice* not theory.

In your case, 100 times a second is not very fast. And the person pusing
could well have biases in teh timing of the pushes. ( But why would it be
better to use taht rather than diceware? Is the user less able to throw a
dice than push a button?)

What do you want to do with these numbers?


.