Post by thread:[OT] random numbers

Is the number of seconds (say XXXX0.00 to XXXX9.99 sec) since midnight a truly random number? You could only use it once in awhile of course. maybe use NOW to seed a generator? IANAM!! (mathematician) so forgive if this is trivial. Speaking of random, (as in random fluctuation of the vacuum something or other), if all of the mass of the universe started in an infinitesimal volume (a point?) as proposed by the big bang (I think that's what the theory says), then wouldn't that have been The Mother Of All Black Holes? So, how did we get out? Or did we? I always pay attention to related matters and have never seen this mentioned. IANAC!!! (cosmologist) but my brother in law is - he seems to hate this question and has never answered it (I've asked twice). Perhaps it annoys him because it is a stupid question?? -- Looking forward, Al Shinn

> Is the number of seconds (say XXXX0.00 to XXXX9.99 sec) > since midnight a truly random number? You could only use it > once in awhile of course. > maybe use NOW to seed a generator? IANAM!! (mathematician) so > forgive if this is trivial. Random is never trivial. The short answer to you question is no & maybe. Two problems with time of day; it's a known sequence, so I can guess what the next number is going to be, and I'll get the same number at the same time each day, ie at midnight it's always zero. You may be happy with this, of course. There's a number of bit-twiddling routines for use on PICs, they'll generate a psuedo-random sequence that may be good enough. Instead of generating 1,2,3,4,5,6,etc you get 4,2,3,6,1,5. Unfortunately after a while the sequence will repeat. Ok for dice rolling, no good for Lotto. Seeding improves things, the usual trick is to rely on some outside influence. You could always have the sequence running, and when a button is pushed output the current number in the sequence. (Its flaw is that if you power up the chip and instantly hit the button, you'll always get the very first number in the series). Other ways to do this is to detect some 'noise' from the real world that causes the counter to increment thru the series in a hopefully random matter, or to make the noise the actual number. Say you had a light sensor; a bright light trips the counter, or is a 'big' number. Low light does nothing to the counter (or increments it slowly, bright = fast), or is a 'small' number. Needless to say, these have their problems too. Ok for Government work, natually. There's a website that serves up random numbers out there somewhere. Tony

> Is the number of seconds (say XXXX0.00 to XXXX9.99 sec) > since midnight a truly random number? If you sample it at a random moment it is certainly random :) The trouble about random is that - like most scientific notions - it has no qualification test, only disqualification tests. And for randomness even those disqalification tests are statistical, the type of answer they give is "the chance that this sequence was truly random according to this test is (only) 15%". In most practical situations the question is whether a sequence is sufficiently random for a certain purpose. That's an engineering question (or even a management question!), not a scientific question. > So, how did we get out? I guess there was no energy crisis way back then. Wouter van Ooijen -- ------------------------------------------- Van Ooijen Technische Informatica: http://www.voti.nl consultancy, development, PICmicro products docent Hogeschool van Utrecht: http://www.voti.nl/hvu

If you are using a PIC, a high-speed timer might be a simple good bet. You can even write an algorithm to take advantage the timer values, which will make a better pseudo-random number. Funny ----- Original Message ---- From: David VanHorn <spam_OUTmicrobrixTakeThisOuTgmail.com> To: Microcontroller discussion list - Public. <.....piclistKILLspam@spam@mit.edu> Sent: Friday, October 5, 2007 8:21:16 AM Subject: Re: [OT] random numbers > There's a website that serves up random numbers out there somewhere. Lavarand! :) http://www.lavarnd.org/

There are LFSR routines for PICs out there as well. -- Martin K Funny NYPD wrote: {Quote hidden}> If you are using a PIC, a high-speed timer might be a simple good bet. You can even write an algorithm to take advantage the timer values, which will make a better pseudo-random number. > > Funny > > > > ----- Original Message ---- > From: David VanHorn <microbrixKILLspamgmail.com> > To: Microcontroller discussion list - Public. <.....piclistKILLspam.....mit.edu> > Sent: Friday, October 5, 2007 8:21:16 AM > Subject: Re: [OT] random numbers > > > >> There's a website that serves up random numbers out there somewhere. >> > > Lavarand! :) > > http://www.lavarnd.org/ >

> If you are using a PIC, a high-speed timer might be a simple Measuring WDT period at high resolution should be a reasonably variable seed if you need to keep PRNG generation internal. You could do (maybe not so silly) things such as occassionally turn on a warming resistor that heats the PIC, thereby changing WDT, it being RC-based and variable with temperature. The main point is having an external or analogue component influencing the digital

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Al Shinn wrote: {Quote hidden}> Is the number of seconds (say XXXX0.00 to XXXX9.99 sec) since midnight > a truly random number? You could only use it once in awhile of course. > maybe use NOW to seed a generator? IANAM!! (mathematician) so > forgive if this is trivial. > > Speaking of random, (as in random fluctuation of the vacuum something or > other), if all of the mass of the universe started in an infinitesimal > volume (a point?) as proposed by the big bang (I think that's what the > theory says), then wouldn't that have been The Mother Of All Black > Holes? So, how did we get out? Or did we? I always pay attention to > related matters and have never seen this mentioned. > IANAC!!! (cosmologist) but my brother in law is - he seems to hate this > question and has never answered it (I've asked twice). Perhaps it annoys > him because it is a stupid question?? > > -- > > Looking forward, > Al Shinn > > One of they guys at sparkfun created random numbers from noise picked up on the A/D channels of a micro. See www.sparkfun.com/commerce/present.php?p=Sinister7 if anybody's interested. - -- Brendan Gillatt brendan {at} brendangillatt {dot} co {dot} uk http://www.brendangillatt.co.uk PGP Key: pgp.mit.edu:11371/pks/lookup?op=get&search=0xBACD7433 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.3 (MingW32) iD8DBQFHBrdykA9dCbrNdDMRAiPcAKCTl75b/0wIl1cRbBec/Ro8sYjGoQCgmbec Pm0BHj+lu99QisapDa+GJh4= =u089 -----END PGP SIGNATURE-----

On 10/5/07, Martin Klingensmith <martinspam_OUTnnytech.net> wrote: > There are LFSR routines for PICs out there as well. Yeah, but they do repeat, eventually, and if you know the length, and seed, then you can work out what's next pretty quickly. I have a 19 bit implementation for the AVR, which I shift every time through the main loop, and when I use it, I grab a few bits from here, a few from there, making it harder to attack that way. But radioactive decay isn't that hard to get, and if someone can show how to un-randomize that, they have a Nobel waiting.

On Sat, 2007-10-06 at 01:10 -0400, David VanHorn wrote: > On 10/5/07, Martin Klingensmith <@spam@martinKILLspamnnytech.net> wrote: > > There are LFSR routines for PICs out there as well. > > Yeah, but they do repeat, eventually, and if you know the length, and > seed, then you can work out what's next pretty quickly. I have a 19 > bit implementation for the AVR, which I shift every time through the > main loop, and when I use it, I grab a few bits from here, a few from > there, making it harder to attack that way. Anybody have any experience using the ADC? I figure just connecting a resistor divider to an ADC pin, reading the value a few hundred times and doing something with the least significant bit would perhaps give a relatively good random number? TTYL

> > main loop, and when I use it, I grab a few bits from here, > a few from > > there, making it harder to attack that way. > > Anybody have any experience using the ADC? I figure just > connecting a resistor divider to an ADC pin, reading the > value a few hundred times and doing something with the least > significant bit would perhaps give a relatively good random number? > > TTYL Ask Intel, they tried that on one of their CPUs a while back. Apart from that, use a carbon resistor, they're noiser. Tony

David VanHorn wrote: > On 10/5/07, Funny NYPD <RemoveMEfunnynypdTakeThisOuTyahoo.com> wrote: > >> If you are using a PIC, a high-speed timer might be a simple good bet. You can even write an algorithm to take advantage the timer values, which will make a better pseudo-random number. >> > > Not even close to random, whichever definition you use. > > Radioactive decay events are random. > One of the biggest problems casino game makers have is convincing the various gaming authorities that their game generates random numbers. Of course, computers CANNOT by definition generate a random number, its truly impossible. But some events are very random, such as noise from a "pink diode", radioactive decay, and outer space explosive events. I spent some time doing casino player card networks, and was fascinated at how often a slot machine was sent back as defective because it paid off too often... --Bob

On Oct 6, 2007, at 6:14 AM, Bob Axtell wrote: > Of course, computers CANNOT by definition generate a random number, > its truly impossible. > > But some events are very random, such as noise from a "pink diode", > radioactive decay, and outer space explosive events. I thought one of the classic "truly random" noise sources was a reverse-biased semiconductor junction. It shouldn't be too hard to put a bunch of those on a CPU chip to make a "true random" register that could be used for software requiring randomness, or to assist in generating randomness. (any high speed counter is pretty random in its low bits, but even if it's counting radioactive decays, it gets a lot less random in the high bits as the sample time gets small enough that they're obviously "just counting." BillW

> I thought one of the classic "truly random" noise sources was a > reverse-biased semiconductor junction. It shouldn't be too hard > to put a bunch of those on a CPU chip to make a "true random" > register that could be used for software requiring randomness, > or to assist in generating randomness I used this generator + two nested timers in a project for a gaming machine. It was passed by the NZ Dept Of Internal Affairs as being random. As Bob A indicated, plain PRGN is not acceptable http://home.clear.net.nz/pages/joecolquitt/white_noise.html The eventual output of this circuit is digital to an input pin (ie direct pulse-counting and timing method) but no reason why the analogue output of amp1 couldn't be read by an ADC for a similar result

Jinx wrote: > home.clear.net.nz/pages/joecolquitt/white_noise.html > > The eventual output of this circuit is digital to an input pin (ie direct > pulse-counting and timing method) but no reason why the analogue > output of amp1 couldn't be read by an ADC for a similar result > I used that exact technique 10 years ago to add noise to a sine wave made with an MF10 filter circuit. The job needed to simulate doppler spectrum and the noise added to the sine spread out the bandwidth enough to look like an actual sensor. This was for a simulator.

> I thought one of the classic "truly random" noise sources was a > reverse-biased semiconductor junction. It shouldn't be too hard > to put a bunch of those on a CPU chip to make a "true random" > register that could be used for software requiring randomness, > or to assist in generating randomness. (any high speed counter > is pretty random in its low bits, but even if it's counting > radioactive decays, it gets a lot less random in the high bits > as the sample time gets small enough that they're obviously > "just counting." Right, but then I can hit it with bursts of RF and influence the noise. (or voltage, or ESD or...) If you can make radioactive decay be anything other than random, you need to go pick up your Nobel.. You can make it faster, by approacing critical mass, but that's the same as say dividing all the random numbers by 2, they are still random.

There's something that bothers me about radioactive decay being random. A given chunk of radioactive material will trigger a detector at some average rate and the time between events will seemingly form something like a gausian around that rate (I don't know if it would be a symmetrical gausian, in fact I doubt it). For instance, I was observing a piece of uranium glass with a geiger counter and got something like 1 count per second. So, a list of the time between each count (lets count to three decimals) will peak around 1 second and there will be very very few periods of 000 or even .010 sec, lots more of .500 sec and 1.5 sec, way more 1.000 sec, and very few of 10.000 sec (though perhaps more than 0.000 sec) I would see many more counts at 2.000 then 0.000sec (hence the asymmetry) This doesn't seem completely random to me. Now, if one ran a 100k cps clock and counted only the last four decimals, then I would expect no such "bias" i.e. equal chance of xx.xx0000sec as xx.xx9999sec as xx.xx5000sec So, what would be the names of the two different sorts of randomness? I don't think that you would want the first example as a random number generator if you were building a slot machine. I am sure you would see the same sort of "peaky-ness" with counting the number of decays per second with a fast source, but somehow it "feels" like the gausian may be more symmetrical. I'll bet a doughnut that I am somehow showing a great bit of ignorance here :-) . So, how would one build a radio decay based random number generator without the fast clock and counter - to save power? Perhaps generate a voltage like a survey meter does, but that will have the "peaky-ness" centered at a function of the average rate. I guess one could use just the last few decimals of the AtoD? Well, I'll be double da#$d, I just this minute went out to my car to get my Geiger counter and found out why the car alarm went off last night - someone stole my Geiger counter!!! Bummer I really liked it - it will be expensive to replace!! -- Looking forward, Al Shinn

> There's something that bothers me about radioactive decay > being random. The fact that you can use it to deliver something that is not random does not disqualify it :) Take the (average) decay rate, let's say 1 decay per 2 seconds. So the the chance of a decay in a 1-second period is 50%. Now arrage your random-bit-generator to check for a decay during each 1 second period. A decay: deliver a 1. No decay: deliver a 0. Voila, an - as far as we know - perfect source of random bits. Wouter van Ooijen -- ------------------------------------------- Van Ooijen Technische Informatica: http://www.voti.nl consultancy, development, PICmicro products docent Hogeschool van Utrecht: http://www.voti.nl/hvu

David Hahn came to mind when I read this. http://en.wikipedia.org/wiki/David_Hahn > -----Original Message----- > From: spamBeGonepiclist-bouncesspamBeGonemit.edu [TakeThisOuTpiclist-bouncesEraseMEspam_OUTmit.edu] On Behalf {Quote hidden}> Of David VanHorn > Sent: 7. lokakuuta 2007 23:31 > To: Microcontroller discussion list - Public. > Subject: Re: [OT] random numbers > > > I don't think I'd bother personally, but a smoke alarm would be a > > radioactive source not too hard to get hold of. Although I can't > > say I've ever seen a scrapped one > > Diet salt, potassium chloride, is fairly radioactive. > --

> David Hahn came to mind when I read this. > > http://en.wikipedia.org/wiki/David_Hahn Indeed. Mantles for pressure lanterns are another source. Some US houses have had such high Radon levels that they have had to be abandoned. >> > I don't think I'd bother personally, but a smoke alarm would be a >> > radioactive source not too hard to get hold of. Although I can't >> > say I've ever seen a scrapped one >> >> Diet salt, potassium chloride, is fairly radioactive.

>Diet salt, potassium chloride, is fairly radioactive. So are glow in the dark watches ... I went to an open day at a university. They had various 'radioactive' lumps on show, and a Geiger counter that you could get 2-3 counts/sec from the lowest to 5-10/sec for the highest. Some guy was playing with this, so I suggested he hold the counter up to his watch. The look of surprise as the counts shot up beyond any of the samples was something to behold.

> I went to an open day at a university. They had various > 'radioactive' lumps > on show, and a Geiger counter that you could get 2-3 counts/sec from > the > lowest to 5-10/sec for the highest. Some guy was playing with this, > so I > suggested he hold the counter up to his watch. The look of surprise > as the > counts shot up beyond any of the samples was something to behold. Tritium is not too bad at all. But 1940's watches used to use Radium paint. People who wore them on the inside of their wrist (as I wear mine) tended to develop cancer in the adjacent leg bone :-(. Wear your genuine retro navigator watch face side out. Russell

wouter van ooijen wrote: >> There's something that bothers me about radioactive decay being random. > > The fact that you can use it to deliver something that is not random > does not disqualify it :) > > Take the (average) decay rate, let's say 1 decay per 2 seconds. So the > the chance of a decay in a 1-second period is 50%. If the average decay rate is 1 per 2 seconds, wouldn't the chance of 1 decay in a /two/ seconds period be 50%? > Now arrage your random-bit-generator to check for a decay during each 1 > second period. A decay: deliver a 1. No decay: deliver a 0. Voila, an - > as far as we know - perfect source of random bits. I think for it to be perfect, you'd have to account for the reduction of decay rate with each decay, no? Gerhard

> If the average decay rate is 1 per 2 seconds, wouldn't the > chance of 1 decay in a /two/ seconds period be 50%? I don't think so > > Now arrage your random-bit-generator to check for a decay > during each > > 1 second period. A decay: deliver a 1. No decay: deliver a > 0. Voila, > > an - as far as we know - perfect source of random bits. > > I think for it to be perfect, you'd have to account for the > reduction of decay rate with each decay, no? Ajust the sample period accordingly... Actually there is an error in my idea: it is biased towards 0's. For 1 extra point: explain why. For 1 more point: calculate how much it is biased (I won't be able to check without refreshing my rusty knowledge static, but the numerical (approximated) answer is somewhere in the standard tables.) Wouter van Ooijen -- ------------------------------------------- Van Ooijen Technische Informatica: http://www.voti.nl consultancy, development, PICmicro products docent Hogeschool van Utrecht: http://www.voti.nl/hvu

wouter van ooijen wrote: >> If the average decay rate is 1 per 2 seconds, wouldn't the chance of 1 >> decay in a /two/ seconds period be 50%? > > I don't think so Probably not, but why is it 50% in 1 second? What distribution do the values of the intervals have? Poisson? Anyway, these guys use an algorithm that takes this uncertainty out of the equation: <http://www.fourmilab.ch/hotbits/how3.html> >> I think for it to be perfect, you'd have to account for the reduction of >> decay rate with each decay, no? > > Ajust the sample period accordingly... Ah, bad idea, as is using a fixed threshold in the first place. The exact value of the threshold depends on the material, its purity, its quantity and several other factors. > Actually there is an error in my idea: it is biased towards 0's. For 1 > extra point: explain why. See the link above. Gerhard

Wouter, On Mon, 8 Oct 2007 15:58:18 +0100, wouter van ooijen wrote: > > Actually there is an error in my idea: it is biased towards 0's. For 1 > extra point: explain why. For 1 more point: calculate how much it is > biased (I won't be able to check without refreshing my rusty knowledge > static, but the numerical (approximated) answer is somewhere in the > standard tables.) I was going to point this out, but read down the thread first, to find that you'd already spotted it! The problem is that if there is more than one count in a second, you only output a single 1, so although the input average is 1 per 2 seconds, you are artificially lowering the output average by ignoring any counts after the first. To find out how much, you need to know the shape of the distribution - if a pulse occurred exactly every two seconds (a flat distribution whose name I can't remember) the effect is zero, and the effect increases with the "steepness" of the distribution graph. It's far too long since I did statistics, so that's as far as I can go! Cheers, Howard Winter St.Albans, England

Russell, On Mon, 08 Oct 2007 16:08:03 +1300, Russell McMahon wrote: > Some US houses have had such high Radon levels that they have had to be abandoned. Over here they've realised it's a problem, so new builds have to have a Radon survey, and based on the results steps have to be taken to mitigate the problem, from having an impervious membrane over the building footprint to having a collecting chamber under the house with an exhaust fan. Existing houses found to have a serious problem can have retro-fitted measures, but it's a lot easier to do before you build! :-) Cheers, Howard Winter St.Albans, England

Then use a 256 bit LFSR. It's still easier than using a radioactive source. 2^(256)-1 steps before it repeats. -- Martin K David VanHorn wrote: {Quote hidden}> On 10/5/07, Martin Klingensmith <RemoveMEmartinTakeThisOuTnnytech.net> wrote: > >> There are LFSR routines for PICs out there as well. >> > > Yeah, but they do repeat, eventually, and if you know the length, and > seed, then you can work out what's next pretty quickly. I have a 19 > bit implementation for the AVR, which I shift every time through the > main loop, and when I use it, I grab a few bits from here, a few from > there, making it harder to attack that way. > > But radioactive decay isn't that hard to get, and if someone can show > how to un-randomize that, they have a Nobel waiting. >

Only if you know the scheme, seed, and samples of the resulting stream of data. There's no way you can catalog all the data to match the pattern, so you have to know the starting point. So while it's not random, it's not easy to figure out what the next value is going to be. If you want to be pedantic, I did NOT say that it was random. I'm sure there are theoretical attacks on large LFSRs. You could hash the output with a good hashing algorithm. Or you could use some sort of hybrid s-box feedback instead of a XOR. It wouldn't be linear like an XOR. -- Martin K David VanHorn wrote: > On 10/9/07, Martin Klingensmith <EraseMEmartinnnytech.net> wrote: >> Then use a 256 bit LFSR. It's still easier than using a radioactive source. >> >> 2^(256)-1 steps before it repeats. > > > But completely and absolutely NOT random. > This is how "rolling code" units work. > If I know the length of the register, and I know a couple of > sequential bytes, then I can predict the entire future and past.

On 10/9/07, Martin Klingensmith <RemoveMEmartinEraseMEEraseMEnnytech.net> wrote: > Only if you know the scheme, seed, and samples of the resulting stream > of data. I'm not sure you need the seed, though that does make it more difficult. > If you want to be pedantic, I did NOT say that it was random. :) Sort of a pet peeve. "random" means unpredictable. Radiation decays meet that definition, at least for now. "hard to predict, but absolutely repeatable" is very very useful, but not random. > I'm sure there are theoretical attacks on large LFSRs. You could hash > the output with a good hashing algorithm. Or you could use some sort of > hybrid s-box feedback instead of a XOR. It wouldn't be linear like an XOR. It's a pity that nobody has taken this up, and enclosed a speck of some long-lived alpha emitter isotope in a chip on a silicon detector. That would be very useful. I know the financial folks use radioactive derived sources, and I've seen PC cards that do it, but a chip would seem pretty easy, and shielded from all but the hottest alpha sources.

Doesn't it require some very sensitive electronics to count small nuclear activity? I'm designing a radon detector, it uses a $20 opamp.. -- Martin K David VanHorn wrote: > It's a pity that nobody has taken this up, and enclosed a speck of > some long-lived alpha emitter isotope in a chip on a silicon detector. > That would be very useful. > I know the financial folks use radioactive derived sources, and I've > seen PC cards that do it, but a chip would seem pretty easy, and > shielded from all but the hottest alpha sources. >

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Wed, Oct 10, 2007 at 10:06:10AM -0400, David VanHorn wrote: > > I'm sure there are theoretical attacks on large LFSRs. You could hash > > the output with a good hashing algorithm. Or you could use some sort of > > hybrid s-box feedback instead of a XOR. It wouldn't be linear like an XOR. > > It's a pity that nobody has taken this up, and enclosed a speck of > some long-lived alpha emitter isotope in a chip on a silicon detector. I somehow remember that early SRAM chips eventually reached a point where the density was great enough that alpha particals from the minute bits of radioactive clay in the housing was causing problems... How much work could a simple Americanium isotope based detector be? - -- http://petertodd.org -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFHDRA43bMhDbI9xWQRAoXXAJ9cSwjUAc9KTBPyW7jINzjygBL4VQCeIvFw wvdgzeoqVhA8PuCj7lfUGtU= =o0KA -----END PGP SIGNATURE-----

Martin, Small nuclear activity is one pulse at a time. I have seen single pulses from alphas with a reverse biased silicon junction (in one case - a pin photo detector about .1" sq.) on my old O'scope - don't remember the size of the load resistor. If using an ionization chamber like in a smoke detector, yes, you need very sensitive electronics for low level work. What sort of detector are you using for your radon? -- Looking forward, Al Shinn >Doesn't it require some very sensitive electronics to count small >nuclear activity? I'm designing a radon detector, it uses a $20 opamp.. >-- >Martin K

On 10/10/07, Martin Klingensmith <RemoveMEmartinspam_OUTKILLspamnnytech.net> wrote: > Doesn't it require some very sensitive electronics to count small > nuclear activity? I'm designing a radon detector, it uses a $20 opamp.. Figure the capacitance of a REALLY small PIN diode, with a dot of AM241 or similar on it, vs a much larger diode, and hotter alpha emitter to get through the case/coating. The amplitude would be a lot higher, and you could completely do the front end in that differential mode that op-amps like so well. I don't think it would be a big problem.

Al Shinn wrote: {Quote hidden}> Is the number of seconds (say XXXX0.00 to XXXX9.99 sec) since midnight > a truly random number? You could only use it once in awhile of course. > maybe use NOW to seed a generator? IANAM!! (mathematician) so > forgive if this is trivial. > > Speaking of random, (as in random fluctuation of the vacuum something or > other), if all of the mass of the universe started in an infinitesimal > volume (a point?) as proposed by the big bang (I think that's what the > theory says), then wouldn't that have been The Mother Of All Black > Holes? So, how did we get out? Or did we? I always pay attention to > related matters and have never seen this mentioned. > IANAC!!! (cosmologist) but my brother in law is - he seems to hate this > question and has never answered it (I've asked twice). Perhaps it annoys > him because it is a stupid question?? > > -- > > Looking forward, > Al Shinn > > > Maybe this may help ;-) http://xkcd.com/221/ Rolf P.S. IANAM either ;-)

Well, now I am pretty sure that I am seeing alphas from a smoke detector source ($5.50 - ~1uc americium) , with a once upon a time very good ~.1" sq quad pin photodiode (it's been kicked around for ~ten years on my bench with no lid , dirty, one bond wire wiped off , rats chewi...) I hooked one end of the diode to a 9 volt battery, the other end of the diode to the scope probe, the probe ground clip to other end of battery. I guess the scope is a 1 mohm load. (How in bloody h&ll did they ever get started with "w" for ohms??? ) Scope seems to have ~1.5mv of noise, pulses from diode = ~1.5 to ~3.5 mv ~300 usec decay time, ~1k pulse/s. I don't think you need a $20 op amp for that. Now I have to find a $.10 photodiode in a can - well <$5.00 any way :-) I have not gotten any transistors to detect yet but will keep trying To be 100% sure, I need a graceful means to place and remove an alpha blocker (piece of paper) without disturbing the light leakage and etc and etc -- the epoxy is curing as I type. My early setup was photodiode sticking up in a proto strip with the source (and it's "native" housing) balanced on the diode and then a bit of tape (alpha blocker) or not --- juggle, drop, blast, hold tongue just right, DON'T TOUCH the americium AT ALL with ANYTHING, DON'T touch the photodiode !! Man, I really wish that turkey hadn't stolen my geiger counter the other night - But then I may not have played with the photodiode ?? -- Looking forward, Al Shinn

On 10/10/2007, Martin Klingensmith <RemoveMEmartinTakeThisOuTspamnnytech.net> wrote: > Only if you know the scheme, seed, and samples of the resulting stream > of data. There's no way you can catalog all the data to match the > pattern, so you have to know the starting point. So while it's not > random, it's not easy to figure out what the next value is going to be. > If you want to be pedantic, I did NOT say that it was random. Berlekamp-Massey decodes the seed for any given sequence of a known LFSR (which is a basic structure with arbitrary linear modifications) given twice the length of bits and the length of bits. If you can guess 64 bits of an output stream (which isn't awfully hard, given that most of them start with whitespace or XML-ish starts) you can decode any 32-bit LFSR. > I'm sure there are theoretical attacks on large LFSRs. You could hash > the output with a good hashing algorithm. Or you could use some sort of > hybrid s-box feedback instead of a XOR. It wouldn't be linear like an XOR. These are the practical attacks. Theoretical attacks imply that you must include a non-LFSR source to prevent this or hide them very well, which hasn't had much analysis yet. S-boxes don't do much good for the output but permute the order of the repetitions and make it less likely that you find a polynomial that gives a full result.

> Berlekamp-Massey decodes the seed for any given sequence of a > known LFSR (which is a basic structure with arbitrary linear > modifications) given twice the length of bits and the length > of bits. If you can guess 64 bits of an output stream (which > isn't awfully hard, given that most of them start with > whitespace or XML-ish starts) you can decode any 32-bit LFSR. That is why the basic rule of cryptografy is: compress first, then encrypt. Wouter van Ooijen -- ------------------------------------------- Van Ooijen Technische Informatica: http://www.voti.nl consultancy, development, PICmicro products docent Hogeschool van Utrecht: http://www.voti.nl/hvu