Is a hash from a picture taken from a camera truly random?

Question

I'm currently taking a picture with a webcam, hashing (sha-512) the bytes output of that image. Is that a "true" random number generator? On the ent test, it performs badly. I suspect this is because it does not have any special characters, only letters and numbers. What hashing algorithm would be better suited for this than sha-512?
here's my code:

import cv2
import hashlib

webcam = cv2.VideoCapture(0)
check, frame = webcam.read()
framebytes = frame.tobytes()
hash = sha512(str(framebytes).encode('utf-8')).hexdigest()

(talking about hash here)
I'm currently using this inside a webserver (flask), so I'm not able to serve bytes (trying to make a random api, used as the seed)

Answer 1

If you really want to do this, then your code is mostly right. Except:

• There's no point in converting from bytes to a string and back again
• Just request the digest directly, rather than a hex representation of them

For example:

from cv2 import VideoCapture
from hashlib import sha512

webcam = VideoCapture(0)
check, frame = webcam.read()

if not check:
  raise ValueError("Unable to read a frame")

digest = sha512(frame).digest()

That said, you'd be much better off using os.urandom, or a wrapper like SystemRandom and let your OS take care of things. This service is trusted by programs like OpenSSL and should be more reliable than what you're trying to do.

If you really want to use a webcam, I'd suggest mixing the entropy into the system's while still using urandom to get out random values. Note that, under Linux, you can write the hashed bytes from your webcam (or even the raw webcam data) into /dev/random to incorporate this in a cryptographically secure manner.

If you really want to do things yourself, I'd suggest having a look at the Fortuna PRNG for how larger systems treat entropy extraction and the attacks they try and defend against.