Yubico Security Keys with a Crypto Flaw

Wow, is this an embarrassing bug:

Yubico is recalling a line of security keys used by the U.S. government due to a firmware flaw. The company issued a security advisory today that warned of an issue in YubiKey FIPS Series devices with firmware versions 4.4.2 and 4.4.4 that reduced the randomness of the cryptographic keys it generates. The security keys are used by thousands of federal employees on a daily basis, letting them securely log-on to their devices by issuing one-time passwords.

The problem in question occurs after the security key powers up. According to Yubico, a bug keeps “some predictable content” inside the device’s data buffer that could impact the randomness of the keys generated. Security keys with ECDSA signatures are in particular danger. A total of 80 of the 256 bits generated by the key remain static, meaning an attacker who gains access to several signatures could recreate the private key.

Boing Boing post.

EDITED TO ADD (6/12): From Microsoft TechNet Security Guidance blog (in 2014): “Why We’re Not Recommending ‘FIPS Mode’ Anymore.

Posted on July 1, 2019 at 5:55 AM47 Comments


nusch July 1, 2019 6:20 AM

More embarrassing is the fact that anyone can call its device FIPS compliant without proper verification

Denton Scratch July 1, 2019 8:36 AM

So: just 176 bits of ‘entropy’ on an ECDSA key. I don’t think that’s the end of the world (if that’s what it amounts to). But as @nusch notes, it doesn’t speak well of FIPS.

“The standard YubiKey has a built-in random number generator that involves a Linear Feedback Shift Register (LFSR) that is fed from analog output of the touch sensor as well as asynchronous data from USB traffic.”

LFSR is just a scrambler; it has no serious cryptographic significance. USB traffic can presumably be manipulated; so the soundness of the RNG depends on the conversion of analog data to binary data; and I know that happens to be a difficult task to do properly (hybrid circuitry that can effectively prevent the digital signal from influencing the analog signal is hard to miniatuarise).

The NEO allegedly contains a “True RNG”. So does the Intel I-series, it’s closed hardware, and it’s output can only be inspected after it’s been run through AES. I doubt it’s sound. I know of no TRNG that is fully open and auditable (I’d loved to see a link to such a thing, with practical implementation details).

Evan July 1, 2019 8:38 AM


What, you expect the Department of Defense to verify that security-critical hardware actually meets encryption standards all by themselves?

Who? July 1, 2019 8:38 AM

@ nusch

Perhaps these cryptographic devices were properly validated for a firmware release earlier than 4.4.2.

Denton Scratch July 1, 2019 9:01 AM

I meant: I’d love to see a TRNG that can be run off a USB power line…

I know you can do it with radiation sources and Geiger counters; but that’s still an analog source, and it uses high voltage, so you’d need a dual voltage supply.

I tried this with a reverse-biased Zener diode, feeding op-amps, feeding a voltage comparator, feeding a shift register. The analog output from the op-amps looked fine; but as soon as I coupled in the digital stuff, it all became horribly predictable. I also tried rings of inverters, as a fully-digital randomness source. That also failed – I used about a dozen inverters, I think the pro stuff uses rings with hundreds of inverters.

I don’t own a HF oscilloscope; I’m no electronics engineer; it’s hardly surprising it didn’t work. But I’ve seen no schematics that I could use to make one that does work (especially off a USB power line).

Who? July 1, 2019 9:04 AM

@ M

Certainly manufacturers should be more careful when changing their FIPS/EAL/whatever certified devices internals, not to say if we are talking about non-field-programmable firmware. In any case, I do not think FIPS certification ensures a device is secure. As I see it, a certification process verifies that the manufacturer has spend reasonable resources to assure a device has been designed to meet the specifications and, if it fails, they have the resources to fix the weakness. In this case, YubiCO will replace the flawed devices for free.

I have a few Cybex SwitchView 10040-SC devices certified as EAL4 augmented. This NSA certification does not assures devices are bug free, but I believe they have been designed to meet the design specification as closely as possible, and they have been designed to be used concurrently on different classification-level networks (with some restrictions).

It would be nice, however, if devices are re-certified periodically.

Who? July 1, 2019 9:08 AM

@ Denton Scratch

Someone on this forum (Clive?) wrote about building these devices some years ago. Perhaps you will find some useful ideas on these posts.

Denton Scratch July 1, 2019 9:18 AM


Thanks for that,I haven’t come across that device. I’ll take a look at the schematics, and see how it’s supposed to work.

Karl July 1, 2019 10:07 AM

I don’t buy that those kind of things happens accidentally.
Seems like deliberate weakening to me.

Who? July 1, 2019 10:15 AM

@ Karl

I do not think it is deliberate. It is a too obvious flaw. People at Yubico are more clever than that.

Dan July 1, 2019 2:56 PM

For those deriding the worth of FIPS certification, it’s worth noting that the standard verification process checks that the encryption algorithm is correctly implemented, and that the device is physically resistant to tampering.

The level of entropy in a cryptographic module’s ‘random’ bit sources is not tested, and couldn’t really be without a code review. FIPS certification, like other security certification processes for devices like credit card payment pinpads, treats the device as a black box to be tested and attacked.

This vulnerability sits outside the FIPS scope, is all. That doesn’t mean that there’s no value in certifying that a device’s encryption algorithms work correctly and that its hardware can’t be physically compromised.

Clive Robinson July 1, 2019 6:46 PM

@ Denton Scratch,

I tried this with a reverse-biased Zener diode, feeding op-amps, feeding a voltage comparator, feeding a shift register. The analog output from the op-amps looked fine; but as soon as I coupled in the digital stuff, it all became horribly predictable. I also tried rings of inverters, as a fully-digital randomness source. That also failed – I used about a dozen inverters, I think the pro stuff uses rings with hundreds of inverters.

In theory a TRNG is easy to make, in practice however…

As you have found it can be quite difficult to get it to produce output at all let alone something that has real entropy.

First you need to understand what the circuit problems are likely to be, and also that what looks random may well not be. It can more often than not be determanistic or chaotic not truly random. In fact with most electronic analog noise sources without great care you will find that,

0, They oscillate or nearly oscillate due to excesive gain and feedback.

1, Determanistic (system) noise is likely the greatist signal.

2, Chaotic noise is most likely the next greatest signal.

3, with the true random or entropy signal being the smallest.

Thus you need to work out how to prevent oscillation and remove the system and chaotic noise, to leave a rough entropy signal. But even when you have that rough entropy signal it is as with many things likely to be biased in some way and have bandwidth limitations.

In practice you will need to add your own bandwidth and gain limitations to stop oscillation, and regenerative noise. That is system noise is predominately low frequency noise from power supplies, semiconductor noise etc. Which means putting in a filter to remove signals below a few kilohertz will remove much system noise as will not using switching power supplies unless correctly filtered to -100dBV or better below rail swing. Or differential circuit design with high CMRR low noise –not FET– opamps in instrumentation input configuration with earth guard rings around the inputs and minimal earth current is used. Likewise as low an impedence as possible used on the “zenner effect” noise source, which unfortunatly will mean high earth curents that need to be kept away from the opamp circuitry by use of seperate return circuits/traces to the lowest impedence point on the power supply filter which should use as lower ESR capacitors of as highest capacitance as possible. To get an idea of how to do this have a look at the design of either high quality DC instrumentation inputs or high quality audio preamplifiers for the likes of ribbon mics.

Thus whilst an actuall –real– Zener diode can be used the noise source that many end up using is the reversed base emmitter junction of a bipolar NPN (2N2222) transistor using two resistors of about equal value such that the reverse biased junction DC connected across the inputs to the low gain instrumentation opamp configuration. The output of which is then fed into a bandpass filter circuit.

Another way of getting the noise is to look up the design of an “HF/VHF/UHF RF Noise Source” as described in the “test instruments” section of the ARRL or RSGB manuals. Such high frequency sources can be usefull when using a “decimating” or “sampling” input via the likes of a Double or Tripple Balanced Ring Diode Mixer.

It’s very important to keep gain down and take care to avoid phase shifting feedback otherwise the circuit will either self oscillate or become “regenerative” which whilst not breaking out into self oscillation will exhibit chaotic behaviour thus chaotic noise close to the 360 degree feedback frequencies giving a very non uniform noise spectrum.

In practice I’ve found the best way to amplify the raw entropy signal after bandpass filtering is to use it to drive the input to a Voltage Controled Oscillator (VCO). This converts the entropy in the voltage domain into entropy in the frequency domain which can with a little thought can reduce feedback issues quite well. As the VCO ouput frequency is likely to be above the MF band you will need to “mix it” with another oscillator running above or below the VCO bandwidth cutoff frequency. In practice in the past I’ve used a D-Type latch as the mixer, the output of which should be monitored with a spectrum analyser (use a $15 Software Defined Radio “RTL Dongle” and any of the Open Source SDR receiver software with decent “waterfall display”) to get the desired noise spectral density in a suitable form for analysis.

What will usually be clear is that the output is offset biased. The easiest way to remove this is to feed it to a two bit shift register and feed the two inputs into an XOR gate. This is the hardware equivalent of a von Neumann “de-bias” circuit and either one of the shift register outputs and the XOR output can be feed into the inputs of a microcontroller chip.

I used a MicroChip “PIC Chip” which implemented a modified version of the ARC4 algorithm that had a state array that was 1024 bytes long. The algorithm was run in the “keying mode” continuously with the “key input” actually being from the von Neumann de-bias circuit converted into 10bit integer numbers.

Whilst the ARC4 algorithm ran as fast as it could in the PIC fore ground mode the converting of random bits into 10bit key inputs was done in the timer interupt algorithm.

Also running in the PIC interrupt was “bit banging serial convertion. This enabled a “free-wheeling” effect to interupt the main ARC4 generator so that it suffered from a fairly frequent “stop-n-go” behaviour making it’s random evolving of the ARC4 Sarray even less predictable to an observer.

I hope that gives you some “food for thought” and let me know if you need any further info.

1305 July 1, 2019 10:17 PM

No one here has asked who did it?

  1. The NSA

Is it possible that they have weakened encryption across the US Gov?

sure, maybe

Notice that Yubico uses the fake NIST curves, 2048-bit keys, and the moderately secure OpenGPG standard. It is in the USA.

  1. China

sure, maybe

If so, think about the number of people in cyber for Uncle Sam who dropped the ball. The about the depth and width of the circus.

1 or 2?


Denton Scratch July 2, 2019 1:04 AM


Thanks for those detailed comments. I learned some of those lessons on my own; but the design of HF power-supply circuitry, in particular, was well beyond me. Several of your observations went right over my head.

To put it crudely, I’m a total amateur in too many ways to have ever had any chance of success, especially in view of the fact I had no adequate test equipment. However – it was an entertaining experiment; I learned a lot (enough to be suspicious about most commercial TRNGs); and I did have enough clue to realise that my experiments were failing, and eventually I clocked that the task called for a bigger man than me.

I did acquire a number of cheap USB microcontroller boards, and learned about hooking-up modern microcontrollers to various kinds of analog and digital circuitry. They’re fun, especially compared with my previous experience: Z80s with external IO Controllers. Not fun.

Of course, I remain interested in the field; but not at the level of soldering irons, any more.

Gerard van Vooren July 2, 2019 1:51 AM

Does it matters? I don’t think so after the RSA key f*ckup, which turned out to be an NSA operation. Hmm, maybe it does matter.

NVIS July 2, 2019 3:51 AM

@Clive Robinson

 I really like your comments. You have some of the technical background to help make these issues clear.

 Whitfield Diffie said that if you can make random numbers, you can have a private conversation.  If there is one thing that will remove the bubbles from the champagne for the people watching you, it is this:

IKEBD LCCEJ QRXIH AANER BJEUS etc. (laughing at you kinda stops)

 One imagines that 256-bit keys from a strong KDF hardened against GPUs and set up against side channel attacks is also unpleasant when used in the right block cipher in a good implementation.

 So take away the random numbers.  That makes life more pleasant.

 I do not blame the NSA for needing to spy on every US Gov employee.  They must have decided to give them a certain level of security, one that they can overcome.  The mind-blowing monkeyshow of it all is this:  the US has weakened its own encryption so it can spy on itself and make it easier for threatening actors to do so too.  How cute!

 OK, folks, please let me draw your attention to the dancing baboons in the middle ring, and the elephant with two heads.  Welcome to crazytown, a place that cannot win a war, even against a small number of people who wear plastic shoes in winter and have primitive weapons (the Taliban).  But we sure can spy on ourselves if you give us 200 billion dollars!

 What a pathetic joke.  And how does it feel to work, and perhaps risk your life, knowing that your 180 degree spot has a pair of eyes peeled onto you 24/7?  Something is wrong folks.  So what is the problem?  OK, things are not so great in Mordor, the Eye is not sleeping, but the Eye should not sleep. And the Eye is watching, but then again the eye should be watching.

 But it should not make it easier to break into US communications.  And how about NSA/Yubico?  I cannot wait to go out and buy some trusted Yubikeys!

 By the way, what caused Yubiko to have to spill the beans?

 It is all bad folks, bad for America...  a threat to national security.

Clive Robinson July 2, 2019 6:15 AM

@ Bruce,

One thing it is worth users noting. From the security advisory,

A random value is used as a basis for keys derivation used by RSA and ECDSA algorithms leveraged in some YubiKey FIPS Series applications. The buffer holding the value contains some predictable content making the value less random than intended. This issue occurs during power-up of the YubiKey only.

This could lead the average user to think that only the “first use” on pluging in the device into the USB port is what is at risk.

That unfortunately is not true, you need to remember that the power to USB ports can be regarded as being under “software control” in that they can often be turned off when not in use and the computer is in a partial shutdown state (hibernate / suspend etc) in normal operation.

Thus it is possible for malicious code to cycle the USB power to the key device when ever it wishes to, as the current keys do not have power or usage/communications indicators on them.

These lack of indicators can be regarded as a security vulnerability in it’s own right as having them would alert users to “unusual activity” with the key devices.

Bob Paddock July 2, 2019 7:07 AM

@Clive Robinson, @Denton Scratch

“Thus whilst an actual –real– Zener diode can be used the noise source…”

Clive what do you think of Noise Com’s noise diodes and modules?:


“To get an idea of how to do this have a look at the design of either high quality DC instrumentation inputs or high quality audio preamplifiers for the likes of ribbon mics.”

The somewhat obscure high end studio grade audio company ‘THAT Corporation’, makes some particularly interesting Application/Design Notes, and low noise semiconductors:


While not related to ‘Random’ the ‘Non-Linear Capacitor’ that is used and discussed in several is particularly fascinating.

“…not using switching power supplies unless correctly filtered to -100dBV or better below rail swing.”

As to powering the device, would the parallel versions of the hermetic package LTC6655 Voltage Reference, as shown in Typical Applications be good enough? Must not overlook the noise added by the 32.4 Ohm blast resistors.


Nor overlook microphonics from any ceramic capacitors. Don’t want to be sensing the elevator in a building two blocks away (‘Random’ repetitive low frequency signal more active during certain times of the day) as happened in one sensitive design.

Two asides:

A) There is a company in Florida that sells ‘Space Grade’ low-noise parts, sorry don’t have data book at hand for name or URL, for ultrasensitive low signal acquisition and applications.

B) Always plot any ‘Random’ experiments against Local Apparent Sidereal Time to see if there is any correlation to that.

Denton Scratch July 2, 2019 9:07 AM


” They must have decided to give them a certain level of security, one that they can overcome. The mind-blowing monkeyshow of it all is this: the US has weakened its own encryption so it can spy on itself and make it easier for threatening actors to do so too.”

I was once told that it was a fundamental principle of weapons development that you should NEVER deploy a weapon to which you do not already have a countermeasure (unless the adversary already has the weapon of course). Ideally, you develop the countermeasure before you develop the weapon, not after. The problem here is that the adversary appears to be their own people and their own staff. And the countermeasures nowadays become public almost as soon as the cryptosystem.

Dave July 2, 2019 10:16 PM

@nusch: It was properly FIPS certified, like many other products. However, what this certifies is how desperate vendors are to sell to government agencies, not how secure a product is.

Dave July 2, 2019 10:26 PM

@Dan: For those deriding the worth of FIPS certification, it’s worth noting that the standard verification process checks that the encryption algorithm is correctly implemented

So does connecting to https://www.google.com, and it costs nothing, unlike the >$100K price of a FIPS 140.

@Dan: and that the device is physically resistant to tampering.

For a level 1, it’s more an exercise in paperwork production than any physical tamper-resistance.

Jon July 3, 2019 12:20 AM


Seems to me that you should throw the output of your RNG through a hash function, and then use the output hash as the random number. That way a small cyclical signal will get lost – in that any small signal input change will cause vast differences in the output.

Might not be perfect, but nothing really is…


RealFakeNews July 3, 2019 7:34 AM

On the top of software engineering:

Was this bug in existing code, or new code?

“If it ain’t broke, don’t fix it”???

If it’s certified then surely the updated firmware requires re-certification?

Too many questions as always.

@Clive Robinson, @Denton Scratch:

Interesting reading your discussion.

A thought I had: if you’re not wanting to generate keys in seconds or minutes, how about hooking up a HF receiver and listening to cosmic background over a period of days?

How random does random need to be? Is it enough to get 90%? 95%? Perfection is something humans are incapable of.

Clive Robinson July 3, 2019 9:58 AM

@ Jon,

That way a small cyclical signal will get lost – in that any small signal input change will cause vast differences in the output.

No it won’t get lost.

A hash of a values that are less than the hash size is in effect a simple substitution cipher with a large alphabet, nothing more.

It in no way adds entropy which is why for several decades I’ve called it “Magic Pixie-dust Thinking”.

If you consider an opponent like the NSA they will buy up one or more devices with TRNG’s in and “tear them down” to find out exactly how they work, and more importantly all the weaknesses.

They will carefully examine the output of the noise source prior to any magic pixie dust crypto and make detailed charecterisations of it and any bias and range in it’s output. They will also study the other parts of the analog circuitry for determinancy or chaotic behaviour in their output, as well.

They will use this information to produce a statistical model of the input to the hash function and then use it to build the equivalent of a sparse dictionary attack rainbow table so that they can determain synchronization points. This might be just a few thousand values either side of the effective zero crossing point or likewise a known maxima or both.

If you are going to use a crypto function on the output of a TRNG then you realy need to use a Crypto-Secure (CS) algorithim in a mode where there is a lot of feedback from the output mixed in to the input.

One such way is the equivalent of a feedback multitap shift register with nonlinear mixing, which is in effect a form of stream cipher generator.

Another is to use the likes of shift registers and block cipher such that a mixing function between various TRNG values drives the “key input” to the block cipher whilst other TRNG values drive the “data input” to the block cipher.

Another method to spread the entropy of each TRNG output across many DRNG outputs is to use an entropy mixing pool. That is you have a storage array which you mix up with a mixing function for each TRNG output, and a selection function selects a small subset ot the values in the storage array to combine in a suitable combining function such that when the result appears at the DRNG output it can not be reversed back to a unique known input even with a dictionary attack, thus the state of the storage array can not be uniquely determined from the observed output of the DRNG.

Another advantage of a storage array is that you can use it to also de-bias any residual non true entropy output from the TRNG. To see how this might be implemented look up the various “card shuffling algorithms” around.

Clive Robinson July 3, 2019 4:49 PM

@ Bob Paddock,

Clive what do you think of Noise Com’s noise diodes and modules?

Well they talk about 4KBTR noise in some of their paperwork, but that is not the predominant noise in semiconductors. I’m guessing from other bits of their blurb that they are actually using chips with seriesed and paralleled devices which they then “trim on test” to give the required performance.

What they don’t mention is price.. However they do talk of using one of their sources as being cheaper than using a good quallity signal generator… Which kind of means they cost less than a few thousand dollars if they are anything like HP used to be 😉

But there is a dirty little secret that quite a few Hams know which is certain millimetric microwave diodes that cost around 75USD as an antiparallel pair also make quite good noise sources up into the high microwaves.

But the trouble with most semiconductor noise sources when you’ve removed the bottom end 1/f, flicker noise etc you are getting very low levels of noise, which means carefull circuit design to get gain without ruining the actuall noise signal. Whilst there are MMIC and ModAmps you can use upto around 10GHz their gain curves are not as predictable as you might like plus their input impedance is at best “nominallt” 50 ohms. This means adding external feedback which few electronic engineers know how to do and CAD software is generally not upto the finer points shall we say. Or to put it another way it gets you the first 75-80% of the way, then it takes real experience and skill to get it where you want it to be.

Thirty years ago I was happy to hang my shingle up with “RF DesEng” on it, these days no I’d rather not. Lets put it this way, life feals a little crazy when you use such tricks as the drill size for a through board via to also act as a band pass filter…

If @Wael is reading along, he can probably say how daft things can get from when he studied in realm of RF Eng.

As an example, there is an antenna called a discone that gets it’s name from the fact it is a disk mounted above a cone. Interestingly the bottom of the cone can join a conducting plane that is parallel to the disk, knowing this is important. Because the ordinary discone has a bandwidth between 6:1 and 10:1 and the limitation on it being higher is what you do between the top of the cone –which is truncated– and the disk. Now you might have heard of “fractal antennas” which use repeated patterns to increase the bandwidth or work at multiple frequency points for the likes of mobile phones?

Well it turns out you can use the fractal principle with the discone. Turn it upside down such that the top of the truncated cone becomes the equivalent of the disc for this upside down little discone, and obviously the bottom of it’s cone which is now uppermost treats the disc of the larger discone as it’s equivalent of a ground plane… The result is if you get things right (and MEMS software helps here) then the bandwidth goes up to between 50:1 and 120:1… So one antenna can work the entire VHF and UHF bands with a rather usefull radiation pattern. Which if you actually turn the whole contraption upside down and make a couple of “secret sauce” modifications that makes the antenna provides a near uniform reception level for low earth orbit satellites from horizon to zenith. Which some people think is rather useful for various reasons. Others think that such a bandwidth is also rather usefull for frequency agile MIMO systems that can be used to give some interesting security properties. Oh and of course what you can do at the top of one truncated cone, you can do to another lesser cone. The real limit I suspect is not the mechanics but the break down voltage.

But there is also another interesting trick you can do with low loss coax. Due to something called “skin effect” at even quite low RF frequencies the outside of the outer conductor is in effect issolated from the inside of the same conductor. That is the inside and outside are independent of each other and can be used as such. So you can use the outside of the coax as an HF vertical antenna, which you can use the inside of the discone cone to act as a “capacitive hat” which means you need less counterpoise or ground radials (the two are quite different). As well as reducing the effective resonabt frequency of the verticle. Or you can be sneeky and make the outer of the coax the return for a “caged monopole” that ends in a suitable resistive load thus have a Terminated Folded Monopole which covers most of the HF band.

A friend has actually built such an antenna and it covers from 3MHz up into the 10Ghz band giving a desirable low angle radiation in the HF band and a VHF and low UHF pattern at the top that gives good coverage for mobiles, repeaters and most low earth orbit satellite passes. As for the upper UHF and microwave well that works nicely into repeaters aircraft and satellite passes.

It’s these kinds of usefull tricks that experiance not CAD Software gives you.

A90210 July 3, 2019 6:21 PM

https://idlewords.com/2019/05/what_i_learned_trying_to_secure_congressional_campaigns.htm [1]

“Recommending specific products. We told people to use Signal, iPhones/iPads, Google docs, and to buy the blue Yubikey. If any of that posed a problem, we found other products to recommend.”

Does anybody know if the “blue Yubikey” is open source?

[1] SoS post on Cegłowski’s post: https://www.schneier.com/blog/archives/2019/06/lessons_learned_1.html#comments


YubiKey 4 security concerns
Yubico has replaced all open-source components in YubiKey 4 with closed-source code, which can no longer be independently reviewed for security flaws.[34] Yubico states that internal and external review of their code is done. Yubikey NEOs are still using open-source code.[35] On May 16, 2016, Yubico CTO Jakob Ehrensvärd responded to the open-source community’s concerns with a blog post[36] affirming the company’s strong open source support and addressing the reasons and benefits of updates to the YubiKey 4.”

Clive Robinson July 3, 2019 7:56 PM

@ Alyer Babtu,

Is there a connection with the antenna-fu you describe?

Yes very much so, there is hardly a day goes by when I don’t use the products of his fertile brain.

He designed and wrote the software for the “JT” “weak signal” protocols such as JT8 that have spawned other work such as JScall etc.

Most amateur radio operators whi build and test antennas use weak signal reporting stations connected to the Internet to see where their signal is being picked up around the world.

Unfortunatly his systems don’t realy work above the bottom end of the microwave bands.

The reason is the very very narow bandwidth of the tones used requires good frequency stability with respect to the tones. Thus telling the difference between 1000Hz and 1010Hz is ~1% which requires a frequency stability of about 1/4 that which is achivable with just RC timing circuits. Now consider 10Hz difference at 1GHz (10e+9) you need stability a million times better which is beyond even TCXO’s. You can just about do it with “GPS Disciplined Oscillators” using High overtone XTAL oscillators but upwards of that you need to start using atomic standards and mixing techniques, but they run out of steam as well. Beyond that you are looking to the stars, or more specifically Joyciln Bell’s “LGM’s” and friends.

There are other techniques but they are strictly highly specialised labarotory equipment that is hand built and cryo-cooled to bring the noise down.

Bob Paddock July 8, 2019 9:49 AM

@Clive Robinson

” Now consider 10Hz difference at 1GHz (10e+9) you need stability a million times better which is beyond even TCXO’s. ”

Have you looked at any of the recent MEMs parts, especially the newest 5G ones?

I have a slock 10 MHz MEMs that at room temperature, frequency wise, looks just as stable as my 10 MHz Rubidium Standard that clocks my Frequency Counter.

“As an example, there is an antenna called a discone …”

I remember my dad playing with one of those for 2-Meters.

Have you ever considered what would happen if you took the ARRL Antenna Handbook and did it all backwards? Might be recreating the work of J.H.Rogers from World-War-One in communicating with submarines etc… http://www.rexresearch.com/rogers/1rogers.htm

Have any experience with Plasma Antenna’s? They’ve been around since some early work in the 70’s as ~10 GHz Receivers/Video Demodulates.

You will find Dr. Ted’s Plasma Ant. book and the other one he has listed of interest:



Main description:

The state of the art in antenna design and engineering

Edited by one of the world’s foremost authorities on smart antennas and featuring contributions from global experts, Frontiers in Antennas discusses the latest advances in antenna design and engineering. This pioneering guide deals primarily with frontier antenna designs and frontier numerical methods. Many of the concepts presented have emerged within the last few years and are still in a rapid state of development. Each chapter provides in-depth details on a unique and modern antenna technology.
Frontiers in Antennas covers:

Ultra-wideband antenna arrays using fractal, polyfractal, and aperiodic geometries
Smart antennas using evolutionary signal processing methods
The latest developments in Vivaldi antenna arrays
Effective media models applied to artificial magnetic conductors and high impedance surfaces
Novel developments in metamaterial antennas
Biological antenna design methods using genetic algorithms
Contact and parasitic methods applied to reconfigurable antennas
Antennas in medicine: ingestible capsule antennas using conformal meandered methods
Leaky-wave antennas
Plasma antennas which can electronically appear and disappear [Dr. Ted.]
Numerical methods in antenna modeling using time, frequency, and conformal domain decomposition methods

Table of contents
Chapter 1 Ultra-Wideband Antenna Arrays
Chapter 2 Smart Antennas
Chapter 3 Vivaldi Antenna Arrays
Chapter 4 Artificial Magnetic Conductors/High Impedance Surfaces
Chapter 5 Metamaterial Antennas
Chapter 6 Biological Antenna Design Methods
Chapter 7 Reconfigurable Antennas
Chapter 8 Antennas in Medicine: Ingestible Capsule Antennas
Chapter 9 Leaky-Wave Antennas
Chapter 10 Plasma Antennas
Chapter 11 Numerical Methods in Antenna Modeling

Biographical note
Frank B. Gross, Ph.D., served as a professor in Electrical Engineering at the Florida State University for 18 years, teaching and performing research in antennas, radar, sonar, microwave engineering, energy conversion, propagation, and electromagnetics. He earned an award as the Tau Beta Pi Teacher of the Year. Dr. Gross worked with the MITRE Corporation, Georgia Tech Research Institute, SAIC, and is currently a senior scientist at Argon ST. He has more than 35 years of experience in radar, smart antennas, electromagnetics, antenna design, and propagation. Dr. Gross wrote Smart Antennas for Wireless Communications with Matlab and contributed to Antenna Engineering Handbook, Fourth Edition.”

Wael July 8, 2019 11:55 AM

@Clive Robinson, @Bob Paddock,

If @[…] is reading along, he can probably say how daft things can get from when he studied in realm of RF Eng.

Absolutely! Been more busy than usual to actively participate. Missed this reference to me because I only scan the top 100 comments these days.

Clive Robinson July 8, 2019 3:54 PM

@ Bob Paddock,

Have you looked at any of the recent MEMs parts, especially the newest 5G ones?

Even though hermeticallt sealed they don’t hydrogen or helium near them, it gets through the case and in the case of hydrogen have non reversable effects. Even helium has quite significant adverse effect on their operation, but atleast they are reversable.

Have an Internet search for “helium dump” and iPhones stoping working.

Have you ever considered what would happen if you took the ARRL Antenna Handbook and did it all backwards?

I have and currently am redoing some of it. The problem is the likes of NEC programs, whilst they arevery powerfull they are only a far from perfect “mathmatical model”. And there are somethings they definitely get wrong that with experience and pencil and graphs you can get much closer to what actually happens in practice.

Then there are “the myths” as you may know there are resonant antennas, non resonant antennas and those that behave like transmission lines that get terminated.

Traveling wave tetminated antennas might dump on average 50% of the power at the feed point into the terminating resistance, and you get mainly broadband performance as a result. However there are plebty of non terminated antennas that are at best 10% efficient. Try convincing some they are better off with a terminated antenna and you will have a sisyphean task on your hands.

One example to consider is the harmonic dipole antenna. If you center feed it you get all sorts of problems. However “ofset feed” it then conventional wisdom says 1/3 2/3 split is what you should use (it’s actually 36% 64%) but you get a better response around 1/6 5/6 and then add a resistor across the feed point. Which can be further improved with a capacitor at the dipole mid point. I’ve built a couple to use as vertical dipoles where the choked coax actually formd the 1/6th element, thus easy to throw in a tree no wories about getting the coax at 90degrees at the feed point or having to have a thoudand feet of copper wire buried an inch under the ground. There is another trick that you can do which is to shorten the 1/6th and add a “corona ring” that adds capacitance, that also acts a little like very short raised radials that change the radiation pattern benificially for some activities… So far I appear to be the only person to have done this, not that it’s clever, it’s just a logical progression.

Have any experience with Plasma Antenna’s?

Yes some I’ve made a few in the past when I had a University glass blower who normally worked in the laser lab to do things for me.

Most standard antennas can be made in glass tube with the appropriate gas in them. The problem is “striking and maintaining” the plasma. Put simply 6KV-25KV for the strike and 1.5KV-6KV for maintaining the plasma has it’s own interesting issues not least of which they need a conductor very much inside the near field…

The way I got around it was a “folded monopole” over a “ring/halo ground plane”. The not mentioned but important reason for investigating them is TEMPEST / EmSec. People tend to think antennas are only detectable when they are transmitting. The reality is they are detectable as long as they are conducting and they are just as detectable as “window” or “chaff” that has been used since WWII to jam radar systems. The thing about a plasma antenna is when there is no “struck” plasma they are non conducting glass tubes that don’t be have as resonant antennas.

Oh and antennas don’t have to be made of conductors… People tend to forget that dialectrics such as plastics, ceramics and glass “bend EM radiation” just as glass lenses focus light… I’ve got a 10GHz antenna I made with plastic disks seperated by expanded polystyrene spacers it’s incredibly light, very strong and works better than expected…

@ Wael,

Missed this reference to me because I only scan the top 100 comments these days.

Which probably means you will miss this as it’s too far down the comment to appear on the 100 last comments page. I’ve missed a few coments from @65535 and one or two other regulars I’ve only later found by accident.

I’ll wait a day or so to see if you catch this, otherwise I’ll post a short comment 😉

Wael July 8, 2019 4:01 PM

@Clive Robinson,

Which probably means you will miss this as it’s too far down the comment…

I do dig deeper on interesting topics 😉

Oh and antennas don’t have to be made of conductors

That was one of my early surprises. The next one was that antennas may not be “material” at all.

Clive Robinson July 8, 2019 6:49 PM

@ Wael,

The next one was that antennas may not be “material” at all.

Yes in theory EM waves are the result of the movment of “fundemental charges”, and most “forces” can be brought to bear on them.

For instance I guess you know how a “sun and planet” cavity resonator magnetron works?

Well the principle also works as an amplifer, but as it “bunches) as well it is also behaving like a lense. Spin a tube of sufficient size woth magnets down the inside then suprise surprise it will act as a lense. Oddly at first is the notion of a “hot air lense” you simply take a metallic tube spin it around it’s axial length and heat it up with a blow torch and the difference in the density in the tube gives you a lense when you look down the inside length pf the tube. Two such tubes will give you the equivalent of an old faahioned “Spy Glass” style telescope…

Some are even talking about the lensing effect of “dark energy” though I must admit I’m somewhat skeptical about the whole “dark” notions comming out of astro physics anyway.

Bob Paddock July 9, 2019 7:25 AM

“Some are even talking about the lensing effect of “dark energy” though I must admit I’m somewhat skeptical about the whole “dark” notions comming out of astro physics anyway.”

The Electric Universe/Plasma Universe Models gives a logical explanation for most things, unlike the Mainstream Establishment and their continuing failure to find ‘Dark Mater/Energy’ at ever increasing tax paper expense.


Someday we will figure out how to harness Birkeland currents, and the works of Hannes Alfvén, to power our widgets via ‘Magnetic Batteries’, as some Prophets of old have predicted.

I expect Hannes Alfvén work is related to your spinning magnet lenses?

Leave a comment


Allowed HTML <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre> Markdown Extra syntax via https://michelf.ca/projects/php-markdown/extra/

Sidebar photo of Bruce Schneier by Joe MacInnis.