assbot: Logged on 22-03-2014 17:19:21; asciilifeform: incidentally, my first exposure to the problem of RNGs with inadequate entropy was by accident, at uni
jurov: dat my mind. just produced a thought "what if we measure trilema entropy? and what if it ends up being over-unity?"
mircea_popescu: chetty: does security exist in nature? << yes, actually. entropy securely flows one way, and god help you if you mess with mass conservation.
mircea_popescu: kakobrekla not really, cause small kid tends to paw, and clustered keys is one of the main enemies of entropy
BingoBoingo: Seriously, burned rather than finish finding entropy to generate keys
mircea_popescu: -192 and AES-256 revealing the final round key provides 128 bits of key entropy.)
decimation: well, mircea's theory is that musical tastes randomly change with time & entropy, the same is true for academic fashions
asciilifeform: entropy, at least, -is- always out to get you.
MolokoDesk: freudian entropy.
asciilifeform: how << entropy?
assbot: Important read on randomness and Kolmogorov complexity: http://t.co/7GvlEz0Q6F This is why entropy matters: http://t.co/Gd6urFTU2s
BingoBoingo: MolokoDesk: If you have a good source of entropy for nonces, electrum has a nice CLI, this thing prolly ought to be connected to a private electrum server though if going for that over bitcoind
BingoBoingo: Seriously what does onename.io work with other than grossly insufficient entropy wallet
punkman: yeah you don't have to spend any processing cycles on what the other guy said, just do the most superficial pattern-matching to harvest some entropy for your markov chain
RebeccaBitcoin: However to what you were really asking, yes, i am satisfied with the response to my entropy question
RebeccaBitcoin: ya that's why I wanted to ask you about the mouse entropy thing
pete_dushenski: RebeccaBitcoin: not saying you have to use it, merely that it talks about the entropy of javascript mouse clicks
assbot: Proof That Mycelium Knows How To Make A Better RNG For Its Entropy Dongle. And Isn't. | Contravex: A blog by Pete Dushenski
pete_dushenski: RebeccaBitcoin: i read the logs. have you read http://contravex.com/2014/07/17/proof-that-mycelium-knows-how-to-make-a-better-rng-for-its-entropy-dongle-and-isnt/ ?
RebeccaBitcoin: you missed my questions about entropy
RebeccaBitcoin: Before this conversation got out of hand, i was mainly referring to the ability of this site to generate a random wallet. I've read before that mouse entropy is crap. While there are 2892383289 ^298289 possible private keys for Bitcoin, a wallet like this might be much more limited. As such, a system like this might only be capable of generating a
fluffypony: from an entropy perspective it's a perfectly viable aspect
fluffypony: I don't think the mouse movey thing is any worse than the way /dev/urandom collects entropy from mouse movements / keyboard entry
ben_vulpes: RebeccaBitcoin: thou shalt not mix js and crypto, much less js and entropy.
RebeccaBitcoin: as a method of generating entropy or whatever
RebeccaBitcoin: I have an entropy question
mircea_popescu: BingoBoingo http://contravex.com/2014/07/17/proof-that-mycelium-knows-how-to-make-a-better-rng-for-its-entropy-dongle-and-isnt/http:// << this link is broken
ColinT: "Useable entropy"?
mircea_popescu: the major point of difference being that out of the glass, of water or of emotion, one can extract usable entropy. not so from logic, at all.
benkay: <RebeccaBitcoin> is that unethical // brainwallets must have adequate entropy, and no JS doth not provide.
kuzetsa: heat death of the universe resets everything to a state of entropy, including politics
asciilifeform: mircea_popescu: this is actually a traditional means of generating 'hardware entropy' on a pc. i rediscovered it as a kid, thought i 'had something nice'
mircea_popescu: it's equalizing over time. hey asciilifeform ! i just got some entropy!
BingoBoingo: do you read this thing like i do, ie, a nsa-sponsored attempt to survive the "everyone has cardano rng on board" apocalypse by making good entropy sources still circumventable ? << I read either that or some kernel aficionado who would buy a unix pacemaker
mircea_popescu: asciilifeform do you read this thing like i do, ie, a nsa-sponsored attempt to survive the "everyone has cardano rng on board" apocalypse by making good entropy sources still circumventable ?
mircea_popescu: Dropping out the egd support made me puzzled for a moment, but then I realized that there is no point in using egd to feed the randomness to the process, you just need to feed entropy to the kernel, and let the process get it normally. I have had, unfortunately, quite a bit of experience with entropy-generating daemons, and I wonder if this might be the right time to suggest getting a new multi-source daemon out." << a
mircea_popescu: no, the contrary. in the quest to make determinism infeasible, it requires some sort of entropy reservoir outside-the-world.
mircea_popescu: one of the core (if unknown) principles underscoring all creation is that the qty of entropy in a system remains the same if it's cut in half.
mircea_popescu: <decimation> any source of finite entropy would eventually exhaust << this breaks physics.
decimation: any source of finite entropy would eventually exhaust
mircea_popescu: what's this, a way to reduce key entropy to breakable levels ?
assbot: Simtec Electronics Entropy Key: USB True Random Number Generator
Vexual: entropy is irrelevant to these soothsayers
jurov: next time i see someone reading from bones or coffee stain imma pester them whether they have tested past output for enough entropy
mircea_popescu: there's no free entropy lunch.
Vexual: i still think a cell phone cam is an excellent source of entropy
decimation: "we have to accept that we can't give real entropy to those that need it, so shut up and get on the bus
decimation: asciilifeform: re: linux on /dev/random "To me it sounds from your description that you may well be on the edge of "too anal". Real life _has_ to be taken into account, and not accepting entropy because of theoretical issues is _not_ a good idea"
asciilifeform: decimation: the suitability of a number sequence for use as 'cryptographic entropy' is not a mathematical property of the sequence. it is a property of the aggregate of the sequence and the world in which it lives - i.e. whether the sequence is, or can easily become, known to the enemy.
asciilifeform: gives unbiased output at the potential cost of never terminating (in that case you know for a fact that your entropy source is defective)
BingoBoingo: reeses: User provided entropy sources http://www.newscientist.com/article/dn25859-stem-cell-treatment-causes-nasal-growth-in-womans-back.html Rassah asciilifeform
penguirker: New blog post: http://bitcoinpete.com/2014/07/17/proof-that-mycelium-knows-how-to-make-a-better-rng-for-its-entropy-dongle-and-isnt/
mircea_popescu: <decimation> mircea: the chance of a random integer from 1 to x being prime is about 1/ln(x) << you just use the entropy to seed, much like pgp does. you don't actually roll the prime itself.
benkay: put a nice HD camera in there and you might capture...*some* entropy.
mircea_popescu: entropy and bias are not exactly orthogonal concerns, but they're still at an angle here
decimation: ideally you want natural entropy
mircea_popescu: decimation he prolly means just for the entropy.
mthreat: Rassah et al: Would an accelerometer be a good source of entropy? "shake to randomize"
benkay: mostly on the topic of getting entropy out of sram imho
Rassah: benkay: a lot of things said on the topic of that Entropy device have been very retarded
asciilifeform: Rassah: i have a perfectly adequate source of physical entropy. actually a small crate of them at this point.
Rassah: asciilifeform: I use "hash" interchangeably with "compute with one of the inputs for the formula being your source of entropy, and the output being your private key
Rassah: Nikita: Total size 32 kBytes, we use about 21 kB as entropy source.
Rassah: Me: You're basically saying that, even if they stole the device and examined it, or stole one that was made right after it with similar chip characteristics, they'd still have 8000 bits of entropy to deal with, making their bruteforcing impossible?
Rassah: So it's a good thing we're not relying on just SRAM for the entropy then
Rassah: asciilifeform: So, if I use an entropy device to generate paper wallets, you can bruteforce it by recording the temperature in my room???
Rassah: put it in the freezer in the kitchen and collected data while it was cooling down. There was still plenty at 0ºC, but it smoothly went down to zero entropy around -20º. The cells with high skew are those which effectively constitute device signature.
Rassah: asciilifeform: From Nikita again: Most cells have too much skew to be useful. We suck entropy out of those whose skew is low. That's why there is ~21:1 cell-to-entropy ratio at room temperature on most devices. They had one device from Microchip IIRC, whose entropy was much lower, but the others were very close to the 20–21 ballpark. We analysed data from MRD SoC, which is in the bitcoincard, and got the same 21:1 ratio. Then I
Rassah: Will Atmel know what your seed and other entropy sources are? If not, why does it matter?
asciilifeform: Rassah: by what means do you 'collect the entropy' ?
Rassah: We don't use hashing as a source of entropy, no. Only to combine ours with a salt
asciilifeform: mircea_popescu: yes. some people, somehow, think this adds 'entropy'
asciilifeform: Rassah: hashing as an attempt to 'distill' entropy.
Rassah: It may reduce entropy, but it increases the number of attack vectors, doesn't it? Attacker would need both the hardware based RNG and the salt to compromise it
asciilifeform: Rassah: do you actually believe that hashing can add (instead of subtracting) entropy?
Rassah: Initially the idea was: Write a salt onto the stick. Then generate key = H(H(entropy_1) + salt) + H(H(entropy_2) + salt), and print all of [key, salt, H(e1), H(H(e1) + salt), H(e2), H(H(e2) + salt)]. (+ could be arithmetic addition or XOR; either should be fine.) The user can then verify exactly one of the outer hashes on an insecure computer, and can verify the additions by hand (literally, pen and paper, no computer)
Rassah: key = H(salt||H(entropy)) with H(entropy) on a second sheet of paper so the user can verify it... or something
Rassah: Yes. If you plug this device into your PC while holding down the button, it shows up in "flash mode", where instead of just a USB stick with a JPG on it, you get to see all the system and settings files. One of those files is a user provided salt (like diceware) that will be combined with the rest of the entropy sources to produce the final key
Rassah: I mean the chip and the hardware has a lot of stuff in there. The entropy is already there, but initially we figured the SRAM chip was overkill. The "software adding entropy" meaning we just add more code to grab entropy from more hardware and user sources
mircea_popescu: software does not add entropy.
Rassah: mircea_popescu: No, the hardware design is finished. Changes are only in software. Initial method of creating keys is done, we are just adding software patches to add more and more entropy sources to this thing.
Rassah: Ah, got a reply. Seems we'll be using the Atmel provided SRAM after all. And "We will be doing our own analysis of data from several chips, and provide a raw entropy file for those who want to do their own for their specific device." combined with "option to enter a user-supplied salt"
Rassah: compare it on the next run. Since we have about 30 times more entropy
Rassah: We can store part of the raw entropy into non-volatile memory and
Rassah: In our tests, it still had plenty of entropy at 0ºC, but it smoothly went down to zero entropy around -20º. Maybe we should put warning stickers on these things saying "Caution - Chaotic System. Do not use in low entropy environments above the Arctic or below the Antarctic circle, unless exposed to external sources of energy" :)
Rassah: Basically an extremely high level entropy generator that uses that entropy to make secure paper wallets
mircea_popescu: i guess asciilifeform is the guy who's done most re entropy.
Rassah: Basically, we have people with reservations about the randomness and security of our entropy devices, despite not actually knowing how it works, and we are hoping to get some of those people to back up their claims
Rassah: Huh. He's actually the reason I'm in here in the first place. I followed his blog here, after he tweeted that Mycelium Entropy < dice, and agreed once I asked him if he would be interested in auditing our device.
Rassah: We are raising money for Entropy through Indiegogo because this was an idea that our devs came up with, and wanted to get it done regardless of our owner's financial input.
Rassah: For now the main product is the Android Wallet though. And that Entropy thing we're finishing up
bitcoinpete: so are "entropy generators"
assbot: 168 results for 'Entropy' : http://search.bitcoin-assets.com/?q=Entropy
Rassah: !s Entropy
Rassah: specifically kickstarter projects, Entropy, etc.
mircea_popescu: entropy actually flows the other direction
asciilifeform: 'You ever drop an egg and on the floor you see it break? / You go and get a mop so you can clean up your mistake. / But did you ever stop to ponder why we know it's true, / if you drop a broken egg you will not get an egg that's new. / That's entropy...'
FabianB: asciilifeform: ah, ic, that discussion was already regarding entropy
assbot: Mycelium Entropy | Indiegogo
FabianB: asciilifeform: did you have a look at https://www.indiegogo.com/projects/mycelium-entropy ?