Entropy on Tap | The Backstage Tour
Behind the concept of the Entropy on Tap service stand years of our security researchers' experience and the brilliance of modern technologies.
To provide the highest quality random numbers, Entropy on Tap uses a sophisticated framework of entropy collectors, transformers, and keepers. The collectors constantly poll numerous sources of random data, most of which are unpredictable and patternless, and many reside in private locations that are neither accessible nor replicable.
The data gathered by the collectors is then fed to a massive “data pot”, where it is mixed together and organised into “entropy portions”. Those are then picked up by the top-level secure random number generator formula, which converts them to opaque output numbers with the appropriate security and statistical parameters.
The numbers generated in this way are strongly and unpredictably random. There is no feasible way to reproduce or predict the output sequence, no matter how much output you’ve already observed.
The numbers produced by Entropy on Tap can be legitimately referred to as random (not pseudo-random) due to the origins and quality of the entropy used to produce them.
Entropy sources
Entropy on Tap uses a network of collectors to grab pieces of entropy from multiple sources and feed them into the data pot. The collectors work 24/7/365 to make sure the amount of entropy gathered in the pot always exceeds the amount of entropy returned as random numbers to the service users, which is an important prerequisite for their security.
The collectors range in quality and in the amount of entropy they collect. Among others, they use the following sources:
- Video streams from CCTV cameras pointed at highly chaotic scenes (such as woods, busy roads, and crowded places).
- Highly sensitive microphones in our office’s computing areas.
- Real-time data on earthquakes, weather, and solar activity.
Users can participate in this entropy generation process by seeding their own data to the data pot via public API calls, increasing the entropy even more.
Security and Design
The large number of independent entropy sources makes Entropy on Tap highly redundant and resilient to communication failures and power outages. Even if 90% of our collectors go offline (which is quite unlikely in itself), the remaining 10% would be able to stand in for them and still provide sufficient entropy to guarantee adequate security parameters of the output numbers.
The random numbers returned to the users are generated from the entropy we collect using a cryptographically secure random number generator based on the Fortuna algorithm.
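As an added illustration of the Fortuna-style design described above, and of why the user-submitted seed data mentioned under Entropy sources can add to the pool but never subtract from it, the following Python is an example written for this page, not Entropy on Tap's own code (the service's implementation is not published here). It assumes a simplified generator built from HMAC-SHA256 in counter mode in place of Fortuna's AES counter mode, SHA-256 contexts in place of raw pool buffers, and Fortuna's reseed rule (pool i is drained on reseed number r only when 2^i divides r, and a reseed happens once pool 0 has absorbed 64 bytes). The names `Accumulator`, `Generator`, `Prng` and `demo` are the example's own.

```python
# Added example: simplified Fortuna-style accumulator + generator.
# Assumptions: HMAC-SHA256 counter mode stands in for AES-CTR, and pools
# are SHA-256 contexts. Not Entropy on Tap's code.
import hashlib
import hmac
import struct

NUM_POOLS = 32        # Fortuna keeps 32 pools, P0..P31
MIN_POOL0_BYTES = 64  # reseed once pool 0 has absorbed this much event data


class Accumulator:
    """Spreads entropy events round-robin over 32 pools, as Fortuna does."""

    def __init__(self) -> None:
        self.pools = [hashlib.sha256() for _ in range(NUM_POOLS)]
        self.pool0_bytes = 0
        self.next_pool = 0

    def add_event(self, source_id: int, data: bytes) -> None:
        # Each event is framed as (source id, length, data) before hashing so
        # events from different sources or of different lengths cannot collide.
        if not 0 <= source_id <= 255:
            raise ValueError("source_id must fit in one byte")
        if not 1 <= len(data) <= 32:
            raise ValueError("event data must be 1..32 bytes")
        self.pools[self.next_pool].update(bytes([source_id, len(data)]) + data)
        if self.next_pool == 0:
            self.pool0_bytes += len(data)
        self.next_pool = (self.next_pool + 1) % NUM_POOLS

    def ready_to_reseed(self) -> bool:
        return self.pool0_bytes >= MIN_POOL0_BYTES

    def take_seed(self, reseed_count: int) -> bytes:
        # Pool i feeds reseed r only when 2**i divides r, so higher pools gather
        # for longer before being drained; that is what lets the state recover
        # even when an attacker controls many of the submitted events.
        seed = b""
        for i in range(NUM_POOLS):
            if reseed_count % (1 << i) == 0:
                seed += self.pools[i].digest()
                self.pools[i] = hashlib.sha256()
        self.pool0_bytes = 0
        return seed


class Generator:
    """Keyed generator: HMAC-SHA256 counter mode, rekeyed after every request."""

    def __init__(self) -> None:
        self.key = b""
        self.counter = 0

    def reseed(self, seed: bytes) -> None:
        # New key = H(old key || seed): fresh material is mixed in, never
        # substituted, so attacker-chosen seed data cannot erase the old key.
        self.key = hashlib.sha256(self.key + seed).digest()
        self.counter += 1

    def _block(self) -> bytes:
        out = hmac.new(self.key, struct.pack(">Q", self.counter), hashlib.sha256).digest()
        self.counter += 1
        return out

    def random_bytes(self, n: int) -> bytes:
        if self.counter == 0:
            raise RuntimeError("generator has never been seeded")
        out = b"".join(self._block() for _ in range((n + 31) // 32))[:n]
        # Rekey after every request so a later key compromise does not expose
        # output already handed out (Fortuna's backtracking resistance).
        self.key = self._block()
        return out


class Prng:
    """Ties accumulator and generator together with Fortuna's reseed rule."""

    def __init__(self) -> None:
        self.acc = Accumulator()
        self.gen = Generator()
        self.reseed_count = 0

    def add_event(self, source_id: int, data: bytes) -> None:
        self.acc.add_event(source_id, data)

    def random_bytes(self, n: int) -> bytes:
        if self.acc.ready_to_reseed():
            self.reseed_count += 1
            self.gen.reseed(self.acc.take_seed(self.reseed_count))
        return self.gen.random_bytes(n)


def demo(public_events, secret_events):
    """Constructed scenario: public (API-submitted) events plus private ones."""
    prng = Prng()
    for sid, data in public_events + secret_events:
        prng.add_event(sid, data)
    return prng.random_bytes(16)
```

The point to check in practice is the one `Generator.reseed` makes explicit: every reseed hashes the new pool material together with the existing key, so a participant who submits known data through the public API changes the output but cannot make it predictable, because the collectors' private events remain mixed into the same state. `take_seed` shows the other Fortuna safeguard, draining higher-numbered pools only on every 2nd, 4th, 8th, ... reseed, so a flood of attacker-chosen events cannot drain all the accumulated entropy at once.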
Entropy on Tap is built using the LPP (lightweight, portable, and pluggable) design approach, allowing us to expand it on the fly by adding more and more entropy collectors of all kinds (including collecting from other mini-Entropy on Tap sources, effectively presenting a multi-level entropy gathering opportunity!). It also makes it easily deployable to any IT setting, be it a local SOHO network, a typical corporate Intranet, or a server farm in the Cloud.
Entropy on Tap, both in the idea behind it and in its design approach, supports our commitment to a green environment and to reducing humanity’s carbon footprint. Instead of spending energy on running expensive generation algorithms, we prefer to recycle and reuse the abundance of entropy available, well, all around us. All the entropy we need is already there, and our only challenge is to recognise, collect, and channel it. This is what Entropy on Tap is looking to address.