867 entries in 0.548s
davout: nah, i was trying to figure out exactly, at what points should sane software accept user-generated
entropy mircea_popescu: in fact the smoothness comparison is a decent indication of the
entropy involved.
mircea_popescu: "You dont need
entropy to create an ECDSA signature. You do need it to create an RSA signature, for padding."
jurov: "In cases where keys or seeds are created without the use of software (e.g. dice, a deck of cards, or other non-digital source of
entropy), the creation methodology should be validated to ensure determinism is not present (i.e. there are no weighted dice, each card in the deck is unique, etc.)."
jurov: yes, had in mind to check linux /dev/urandom without any
entropy source in such a way
ben_vulpes: charges eventually dismissed because
entropy can't in2 my dumb ass
jurov: and then someone will hax it and use radio as mere
entropy source for mining :DDDD
ascii_field: 'bad
entropy' is easy: the kind which the enemy can cut you off from by silencing your net connection; or the kind he can guess some bits of, by watching packets (no interrupt source in pogo is in any sense entropic other than the NIC's)
mircea_popescu: at the rate people use adresses you need something like 1 byte of
entropy per hour.
mircea_popescu: ascii_field i have no idea what sort of an argument is this. there's no such thing as good or bad
entropy. the thing is unqualifiable by definition. do you mean that you'd have to wait longer to generate a strong address? so you would.
ascii_field: thing is, rng needs attributes ~other~ than 'shits
entropy'. namely, not to be correlated with variables manipulable or monitorable by enemy
mircea_popescu: ascii_field close enough, since any two clocks are an
entropy measuring tool.
mircea_popescu: because bitcoin is secured by mining which happens irl and the difficulty of mining is set on the basis of irl
entropy.
decimation: why not build physical source of
entropy assbot: Proof That Mycelium Knows How To Make A Better RNG For Its
Entropy Dongle. And Isn’t. | Contravex: A blog by Pete Dushenski ... (
http://bit.ly/1GOHQEr )
decimation: yeah I was about to ask where the
entropy for the rng comes from
fromphuctor: I'm mainly trying to determine if I have generated a key with bad
entropy leading to bad primes meaning easy factorability
BingoBoingo: danielpbarron: Block height is always going to to a rough measure of time due to
entropy. Could make a great system for a calendar, poor for slicing up a day though
BingoBoingo: "coins" have insufficient
entropy to be useful as a precision measure of time at all.
funkenstein_: i don't mac, but methinks you can add a couple special chars without losing
entropy assbot: The strange case of the unentropic
entropy and other bedtime stories of primes and people. on Trilema - A blog by Mircea Popescu. ... (
http://bit.ly/1f3ZkFJ )
assbot: Logged on 10-06-2015 18:43:12; mircea_popescu: HOPE was last weekend (I didn't go) and finally the design specification has been posted along with the audited code. It appears that my initial concerns were warranted, each key is generated directly from the user's pass-phrase with no salt, thus leaving the true amount of
entropy in the key generation process highly unknown.
mircea_popescu: HOPE was last weekend (I didn't go) and finally the design specification has been posted along with the audited code. It appears that my initial concerns were warranted, each key is generated directly from the user's pass-phrase with no salt, thus leaving the true amount of
entropy in the key generation process highly unknown.
☟︎ mircea_popescu: the sole source for
entropy in the ECC key generation. At the time of the debate, Nadim suggested I wait until the big unveiling at HOPE to pass judgement as he had some research into secure human-generated pass-phrases that he was going to share.
ascii_field: because there are two kinds of '
entropy' here
ascii_field: i would also like to point out that framing the question of key quality in terms of 'bits of
entropy' is slightly misleading
ascii_field: i can 'reduce
entropy' of mircea_popescu's pgp key by telling that the factors are odd. what of it.
mircea_popescu: and the argument here isn't about "guessing", it's about reducing
entropy.
assbot: The strange case of the unentropic
entropy and other bedtime stories of primes and people. on Trilema - A blog by Mircea Popescu. ... (
http://bit.ly/1H8Xpuk )
liquidassets: sometimes I buy a few small things using their interface like a trezor or mycelium
entropy mircea_popescu: "Back when the NSA was routinely weakening commercial cryptography, their favorite technique was reducing the
entropy of the random number generator."
mircea_popescu: funkenstein_ generating
entropy is not easy, and oyu can already do that as-is.
funkenstein_: is that I could easily generate my own
entropy for my keypair
Hasimir: no, not seriously, there's a big difference between some bunch of people with crap
entropy sources and rsa being borked
mircea_popescu: mxtm it's not a REAL
entropy source. it's a defined sequence that may be confused for an
entropy source, if one's definition of
entropy is test based.
mxtm: Apocalyptic: then how would it be an
entropy source
mxtm: why would pi be an
entropy source
mircea_popescu: justJanne the application here is that, if i give you a string of random numbers which unknown to you are the nth digit of pi onwards, you may think you have
entropy by "tests".
justJanne: @ascii_field, about pi: No, pi is not a good source of
entropy mircea_popescu: (if you think about it : an
entropy source that always pass tests is by definition not entropic. see last year's amusement with the "guess number" toy alf made)
decimation: lol she claims that (52:41) that openssl just adds the current time of day in seconds to the
entropy pool
mircea_popescu: and then, as that's ripped out, some tests will find the
entropy not as good
mats: (as long as you fill unused flash with high
entropy NOPs that eventually jump to a fault handler, and do attestation via reset to a minimal bootloader that can use all memory)
ben_vulpes: asciilifeform, mircea_popescu and others interested in entropic information: what stats about generated
entropy are useful? if i need to shoop my
entropy over to gentoo i can, but if that's not necessary (for dieharder tests) i'd like to avoid it
ben_vulpes: asciilifeform: what's the
entropy analysis tool?
mircea_popescu: so described, it is rather clear that bitcoin can not in fact exist : immutability and
entropy are mutually contradictory.
mircea_popescu: because that is the property here : same as
entropy, bitcoin lacks the ability to review earlier states on the base of later states.
ben_cash: right up there with home-rolled
entropy pool.
williamdunne: asciilifeform: I saw you tear the
Entropy apart a-while-back, did they fix your main concerns?
mircea_popescu: i suppose we could put the string through teh
entropy tests... but no, doesn't look like it's 8/8.
Chillum: I suppose "search space" is more accurate than
entropy Chillum: it could be stronger if you asked it for more
entropy. It creates the password with the
entropy you request
Chillum: the idea is that humans can remember more
entropy when it is in a story form
Chillum: I saw a nice talk about a password creator that created small sentence fragments from very long lists of words. The user could enter the words in any order and with known mispellings and it would still pass. All while making sure you get the requested
entropy BingoBoingo: hanbot:
Entropy logic is patent GBBG by Google Images of AusieDude and GrumpySpamLady. License available with Founder shares, pls buy...
hanbot: is this
entropy-logic?
Chillum: using numbers only adds
entropy when you randomly selecty them from the same set as the letters
hanbot: if there's 10^26 bits of
entropy in that thing I will eat someone's pet.
Chillum: 10^26 = 1.1447546×10²⁸ enough
entropy for a remote service
Chillum: there are 26 letters and 10 numbers. Number have less
entropy assbot: Proof That Mycelium Knows How To Make A Better RNG For Its
Entropy Dongle. And Isn’t. | Contravex: A blog by Pete Dushenski ... (
http://bit.ly/1D0hill )
mircea_popescu: it doesn't "dilute" anything. if you have 1 bit of
entropy per byte, it puts out one byte every eightish bytes.
Chillum: but if the source is a lamp humming 60hz how does the algo filter the pattern from the
entropy without diluting the
entropy?
Chillum: you can't create
entropy with an algorithm
mircea_popescu: <Chillum> no amount of debiasing will create
entropy from a patterned source << howdja figure that one ?
Chillum: the debiaser can't tell
entropy from pattern
jurov: and you think since there will be some hum, any
entropy is lost?
Chillum: I think you over estimate your ability to create
entropy with everday objects
Chillum: no amount of debiasing will create
entropy from a patterned source
Chillum: sound has
entropy but it also has a lot of pattern
Chillum: though most
entropy from PRNGs come from hard drive timings, which run black box firmware
assbot: Proof That Mycelium Knows How To Make A Better RNG For Its
Entropy Dongle. And Isn't. | Contravex: A blog by Pete Dushenski ... (
http://bit.ly/1y61MkH )
jurov: tbh, "mycelium" "
entropy" souds like some suspicious chemical