[dahart]

Ah this is really interesting, it didn’t occur to me while reading the paper, I just assumed crystals grow reliably.

Because they’re running sha512 on the crystal data, the output will always look random. But if the crystals have a bias in their preferred growth patterns, especially if there’s a non-trivial probability that they don’t grow, knowing that may be an attack vector, you can use that information to simulate the process and possibly produce the same output.

“A raw binary sequence was then generated by assigning 5 bytes per crystal pixel based on size, orientation, and color, with crystals ordered from top left to bottom right in the vial region (see Supplemental Information for details). These bytes were concatenated with those of adjacent crystal pixels and of subsequent crystals to generate a long binary sequence. This sequence was then split into sections of 64 bytes, and the sha512 algorithm was applied to each of these sections. The resulting binary sequences were concatenated to form a larger-output binary sequence.”

The sha512 is the reason the output is uniform, but if I were doing this, I’d throw a time stamp and maybe some calls to drand48() or something into the pre-sha mix, to guarantee that the input can’t be easily replicated.