log☇︎
800+ entries in 0.383s
mircea_popescu: (on proper rng. on bs prng / kochgpg etc, they don't.)
asciilifeform: in an honest rng
diana_coman: http://btcbase.org/log/2017-11-14#1737414 <- confirmed; I do NOT use any nextprime or other "rng"-parts from gpg; current rsatron prototype simply grabs nbits from fg, flips the 2 top bits and 1 bottom bit as per previous discussion and then checks if result is prime; if prime then keep, otherwise discard and try again; no "add 2 until prime" or other such thing ☝︎
asciilifeform: afaik the only remaining, and most obvious 'loss' is the one implicit in prime number theorem ( where , wat, ~10k possible rng outputs correspond to same prime output )
asciilifeform: ( she is using my sanitized gpg bignum. but i did not preserve koch's faux-rng atrocity ; so anything pertaining to entropy, is new )
mircea_popescu: the reason is that (in a translation of what koch-gpg does into sanity) you take 2045 bits of rng for each possible prime, stick 11 in front and 1 in the tail and THAT is your 2048 bit prime candidate.
a111: Logged on 2017-11-10 14:12 asciilifeform: when i sit to play a game, it feels like dereliction of duty, with, e.g., ffa yet undone, dulap not yet replaces, scintollator rng not complete, 9000 other processes
asciilifeform: when i sit to play a game, it feels like dereliction of duty, with, e.g., ffa yet undone, dulap not yet replaces, scintollator rng not complete, 9000 other processes ☟︎
asciilifeform: and since i built the rng, i can also be quite certain that there is not such a prime that it will forever avoid generating.
apeloyee: can't. I was sarcastic, because I don't see how CRT construction can amplify, assuming not obviously broken/backdoored RNG. why won't long-range correlations kill mthe "pick random prime" method as well?
apeloyee: perharps running rabin-miller "amplifies small/temporary imperfections in the rng, into fatal"
asciilifeform: the use of constructed primes, potentially amplifies small/temporary imperfections in the rng, into fatal
asciilifeform: 1 problem is that perfect uniform distrib and perfectly independent rng bits, cannot be shown to exist physically.
asciilifeform: and i will NOT make a rng that doesn't work with msdos box
asciilifeform: i dun like having rng that is physically capable of putting out nonrandom.
asciilifeform: ( a shit rng that fools ent is much easier to build, even by accident, than same vs dieharder )
asciilifeform: really it is good for finding catastrophically broken rng, and no moar
shinohai: In other faulty rng's http://archive.is/Wm4e7
asciilifeform: no actual detail of rng diddle, shown.
a111: Logged on 2016-02-10 19:29 asciilifeform: (incidentally, the problem of an inner cipher introducing known-plaintextisms is solved routinely by splitting the payload into xor-able halves, using rng, and enciphering each ~half~ with different cipher, rather than box-in-box composition)
asciilifeform: unbiased -- in this case -- would mean that it eats ANY bitstring from rng, R, and maps it to UNIQUE prime , P
mircea_popescu: famously, maple misidentified the guy's number. not because of rng, eiher.
asciilifeform: mircea_popescu: chance of these without sabotaged rng is < chance of meteorite
asciilifeform: mircea_popescu: all that means is that one of the inputs comes from rng.
asciilifeform: because all you do is get NEXT N bits from rng, they have ( if rng is proper ) 0 relation to previous N
asciilifeform: rejecting rng result that doesn't pass the gcd sieve -- leaks nothing
mircea_popescu: leaking rng quality is more of a concern for debian/prngs.
asciilifeform: apeloyee: no contradiction. the variability of time is in the ~test~, not the output result , which naturally will vary depending on what rng gave you
mircea_popescu: incidentally, if looking for 4096 bit prime wouldn't the correct approach be to take 4094 bits of rng and glue 1 on either end ?
a111: Logged on 2017-08-14 16:14 asciilifeform: ( tldr : superiority of the FUCKGOATS-enabled approach, of get-new-N-bits-from-rng-then-primalitytest-until-done, vs the kochian get-N-bits-then-increment-until-passes-millerrabin )
asciilifeform: phun phakt, this calculation is taken from the gpg autopsies last summer, when asciilifeform was chasing imaginary rng boojum after somebody found a real one
asciilifeform: i actually considered own variant of this for 'chemical rng' , but realized that it is screamingly impractical
asciilifeform: you will notice that koch's rng atrocity ain't in there.
a111: 21 results for "gpg rng", http://btcbase.org/log-search?q=gpg%20rng
asciilifeform: !#s gpg rng
cruciform: asciilifeform: I want auditable RNG, and rolling dice is putting me on tilt
asciilifeform: cruciform: if you 'just want' 'an rng, dun matter what kind' -- the cost is 0, your cpu maker already supplied you with a liquishit rng
mod6: asciilifeform: so far, i've only gone to the extent of unplugging both RNG-TWs and ensuring that the SAD lamp does what it should.
asciilifeform: FG-II rng will prolly have 4 pins, 1 for shifter pulse, to make yoking ultra-easy at ~0 cost.
asciilifeform: i'm partial to well-made electric rng
asciilifeform: it is my policy not to ask FG buyers any questions, i have nfi why bought, whether to use as rng or fishing lure, and don't really care
asciilifeform: i would ask 'what's to keep some unrelated d00d from making walletrons that simply talk over rs232..' but then remembered that it is probably same thing that keeps'em from making rng where ditto despite how OMFG WE PUBLISHED DESIGN
asciilifeform: i ran into it when trying to replicate the classical 'dead rng' debian setup
mircea_popescu: and besides there's already a rng.
mircea_popescu: asciilifeform consider something like : 1. split item to sign into 512 byte blocks. create block 0 from rng. sign hash(block 0), hash(block 1 + hash(block 0)), hash(block 2 + hash(block 1 + hash(block 0))), and so following.
asciilifeform: lol debian rng
a111: Logged on 2017-09-01 22:15 asciilifeform: 'We submitted extensive information about our random number generator (RNG) to an independent organization. We asked this trusted resource to perform an in-depth analysis of the randomness of the output of the RNG, and its implementation in the shuffling of the cards on our platform.'
asciilifeform: Barbarossa_: there are commercial rng that use interferometer, yes ( NONE of them auditable by owner, in fact many epoxied and otherwise artificially painful to examine )
asciilifeform: 'We submitted extensive information about our random number generator (RNG) to an independent organization. We asked this trusted resource to perform an in-depth analysis of the randomness of the output of the RNG, and its implementation in the shuffling of the cards on our platform.' ☟︎
asciilifeform: Barbarossa_: where can i find out re pokerstars rng ?
asciilifeform: Barbarossa_: see also http://qntra.net/2016/08/rng-whitening-bug-weakened-all-versions-of-gpg
asciilifeform: i experimented with many types of rng.
asciilifeform: analogue effects in practice suck for proper rng
asciilifeform: i expect a pokerist would have something to say re rng, aha
asciilifeform: plenty of green field left also. e.g. the freebsd-had-no-rng-for-two-years thing
mircea_popescu: funny you should mention that, there's also a discussion re rng and power in teh logs.
asciilifeform: !~google mercury switch rng
asciilifeform: and - while we're on subj -- the naive replacement, a ball-in-pipe tilt switch, is NOT suitable for rng -- contact bounce is patterned; and oxidized contacts -- semiconduct.
mircea_popescu: kv-1 rng
asciilifeform: in other quasi-noose, here's a simple electric rng suitable for very low bit-rate application ( e.g. walletrons for sig nonce ) : small mercury tilt switch, gates clock signal to counter, and a flipflop. when the latter toggles, the counter value is forwarded to a register; every 2 shots end up vonneumanned and xor'd into the output reg.
mircea_popescu: that's his point, if you have the rng it's much better quality secret primes for the same effort.
shinohai: yup. also same one with the single-integer rng bug.
asciilifeform: 'rng bits are expensive' spawned quite a few idiocies , by itself
a111: Logged on 2017-08-14 16:14 asciilifeform: ( tldr : superiority of the FUCKGOATS-enabled approach, of get-new-N-bits-from-rng-then-primalitytest-until-done, vs the kochian get-N-bits-then-increment-until-passes-millerrabin )
asciilifeform: ( tldr : superiority of the FUCKGOATS-enabled approach, of get-new-N-bits-from-rng-then-primalitytest-until-done, vs the kochian get-N-bits-then-increment-until-passes-millerrabin ) ☟︎☟︎
mircea_popescu: the rng consumption will be significant though.
a111: Logged on 2017-02-14 19:19 asciilifeform: specifically, for every byte you intend to send, you instead send two: x, y. which you generate by obtaining rng byte r, and payload byte b, and x := b xor r, y := r
a111: Logged on 2016-12-24 01:11 asciilifeform: so one ~horrid~ padding algo would be to get a bitstring from my rng, xor the message to it, then send a message of 2x length of original consisting of: [the bitstring from rng][the result of the xor]
a111: Logged on 2017-02-14 19:19 asciilifeform: specifically, for every byte you intend to send, you instead send two: x, y. which you generate by obtaining rng byte r, and payload byte b, and x := b xor r, y := r
asciilifeform: well they still play cards, that get shuffled, just like 500 yrs ago. unless i misunderstood the rng remark.
asciilifeform: so can't be the rng
a111: Logged on 2017-07-22 17:57 mircea_popescu: asciilifeform reason why extinct is that no longer need deck for rng. which is ~all that was.
mircea_popescu: asciilifeform reason why extinct is that no longer need deck for rng. which is ~all that was. ☟︎
a111: Logged on 2017-07-20 22:05 asciilifeform: not if you own an rng.
asciilifeform: not if you own an rng. ☟︎
mircea_popescu: "has no internet connection, and no rng. can still use ?"
asciilifeform: bot node, generally, has nothing like an actual rng.
mircea_popescu: did you read the "whores moaning in orgasmic agony source of rng" thread ?
asciilifeform: ( that, or lovingly crafted bot with delay rng )
asciilifeform: ( statistical tests only reveal broken rng , but never a working one )
asciilifeform: dijkstra's 'testing reveals presence of bugs, but not absence' applies just the same to rng.
asciilifeform: ( for what does this operation use the original values that came out of the rng ? )
mircea_popescu: what do you mean there exists no gold rng ?
asciilifeform: which is frustrating because you can't resort to 'empirical test' here , because circular, there EXISTS NO 'gold rng'
asciilifeform: i thought 'rap' lyrics were officially required to come out of a certified an'sealed shannonizer, like las vegas one armed bandit rng
mircea_popescu: there's no "best use of measurement" for exact same reason there's no "wot best practices", or "ideal rng values"
asciilifeform: the plan 'for broken rng' is to have 7 running from 7 batteries.
asciilifeform: mircea_popescu: one nuance is -- it is folly to plan FOR a broken rng. 'what to do if a shell lands in my trench? jump twenty metres and scatter yerself around'
mircea_popescu is sick of "famous people" like of crab apples. let them sit in some other latrine with their "oh i lost my pgp key 20 years ago" zimmerman and their "i dedicate my life to raising impudent street urchins as if they were white people" bernstein and their "oh hi, rng ?" koch and their "o btw, i lied about that laptop" rms everything else.
mircea_popescu: the above should plainly explain btw (for instance, via asciilifeform 's "beat the ai" game), why rng is absolutely required for sovereign entity to even in principle exist.
asciilifeform: could play same game without leaving home: connect rng to pistol, if fails to produce shitoshi privkey - bang
asciilifeform: 'Sources need to be statistically assessed. The quality of the entropy being produced needs to be estimated so that enough can be released to properly seed the RNG. The dieharder and TESTU01 suites are good but they both require prohibitively large amounts of random data to operate. NIST's SP800-90B tests seem to be statistically sound and have manageable data requirements....' << didjaknow!
mircea_popescu: opposite i mean to the general. like "making rng more complex is silly -- here, use tyhis broken one"
asciilifeform: i.e. a signed(S) could not have practically come into existence before you broadcast S, if the latter is a long rng turd
a111: Logged on 2017-06-14 12:29 asciilifeform: http://btcbase.org/log/2017-06-14#1670142 << this is pure gold, ty for posting, phf . it's rng-nonsense from back when folx were posting ~erudite~ nonsense, rather than the regular redditola snore
a111: Logged on 2017-06-14 12:40 asciilifeform: a sound card rng is considerably better than... none at all. but this is all that can be said for it.
asciilifeform: a sound card rng is considerably better than... none at all. but this is all that can be said for it. ☟︎
asciilifeform: incidentally at one time quite a few folx, incl. some of the people here, used sound card rng
asciilifeform: http://btcbase.org/log/2017-06-14#1670142 << this is pure gold, ty for posting, phf . it's rng-nonsense from back when folx were posting ~erudite~ nonsense, rather than the regular redditola snore ☝︎☟︎
asciilifeform: mircea_popescu: the koch episode was actually illustrative of the futility of 'just fix /dev/random'. it'd have done ~zero~ against the koch rng poisoning thing.