asciilifeform: any rng test can be rewritten as a producer of a predictor. or the test is rubbish.
asciilifeform: mircea_popescu: so, to take example, if you found a rng that turns out to emit digits of pi -- the proof-of-weakness will be plouffe's algo.
asciilifeform: http://btcbase.org/log/2017-04-26#1647917 << imho it's the only sane standard. rng 'weakness' can only be expressed properly as a 'predictor'. anything else is 'suggestively named token'
BingoBoingo: Or did Mexico try the cocaine and toggle switch RNG idea and it turns out cocaine is deterministic
a111: Logged on 2017-04-19 17:48 asciilifeform: mircea_popescu: at one point we had a thread with d00d who sold 'sram as rng' iirc.
asciilifeform: bonus: your rng also doubles as a radio-shenanigans detector!111
asciilifeform: mircea_popescu: at one point we had a thread with d00d who sold 'sram as rng' iirc.
asciilifeform: mircea_popescu: ~whole point of gamma rng is to divorce from electronic effects.
mircea_popescu: that'd be the ultimate rng pump. "We have this array of matter -- think memory stick. at every given tick, each either decays or doesn't. tick here has no physical meaning, it can be shorter than measurable irrespective of measuring mechanism"
asciilifeform: Framedragger: almost like somebody thought about rng.
asciilifeform: and, apparently, the same tests weaken/fail in proportion to rewinds, regardless of whose rng you used, or even prng.
a111: Logged on 2017-04-04 04:00 asciilifeform: ( now, good q is 'why do this?' and answer is -- 'you get analogue rng that is VERIFIABLE, just like the digital board in fg.' because you can pick up decay from below/above the board !!)
asciilifeform: in other noose... LYSO ( cerium-doped lutetium yttrium orthosilicate ) scintillator is apparently just the thing for rng.
asciilifeform: they will reliably find what one might call 'coarse errors in pilotage' of rng builder
asciilifeform: uses file as 'rng'
asciilifeform: definitely not a low-tech item tho, quite a bit moar complex than plain old analogue rng
asciilifeform: ( incidentally -- FUCKGOATS worx ok (if very slowly) with toggles instead of analogue rng modules. )
asciilifeform: the funny bit is, in usa you can generally buy, e.g., actual uranium oxide (not by the kg, but can buy, easier than, say, gunpowder.) but it'd be quite useless for ~mass~ rng.
a111: Logged on 2017-04-14 14:57 mod6: with both of my RNG-TWs connected, it was collecting at about 7kB/s ... for that quick 10s test or so to ensure that it was a "full speed"
mod6: with both of my RNG-TWs connected, it was collecting at about 7kB/s ... for that quick 10s test or so to ensure that it was a "full speed"
a111: Logged on 2015-01-15 00:45 asciilifeform: (what rng? ring oscillator jitter, with sha1 whitening.)
mircea_popescu: FG is, importantly, an ~auditable~ rng. you can audit the thing, and if you do, i'd be very interested to hear the results.
BenBE: What's the entropy source used in those Cardano RNG?
BenBE: Didn't know that particular project, but have a true RNG based on the WhirlyGig design at warmcat
asciilifeform: asciilifeform finally found a rng-usable beta decay source that is permitted in every country's post office, available worldwide, and for a few bux per kg : ordinary KCl.
asciilifeform: ( now, good q is 'why do this?' and answer is -- 'you get analogue rng that is VERIFIABLE, just like the digital board in fg.' because you can pick up decay from below/above the board !!)
asciilifeform: there is, however, a correct part for this : 'PIN diode.' i have an experimental setup with one. at some point we might offer a fg rng module based on it. but not yet.
mircea_popescu: i imagine some of the best electronics for rng would be satellites. measure it straight in the solar panels!
asciilifeform: upstack mircea_popescu had the right notion, though, it is difficult to build a decay rng that does not rot.
asciilifeform: i've given some serious thought to 'what would be highest bit rate honest rng possible with current tech'
asciilifeform: so we wait for EACH rng : http://btcbase.org/patches/fg-genesis#L360 : to pulse, before entering normal operation.
asciilifeform: so that leaves the rng.
asciilifeform: on the other hand, there is no external input into the box other than the 2 rng.
asciilifeform: btw, this is not a bad time to explain WHY i set it up so that fg remains 'sad' until BOTH rng start up
Framedragger: "Note: Both RNG-TW (Analogue) modules must be present and in working order during power-up, or FUCKGOATS will remain in a SAD state (steady RED lamp.) When performing basic tests, start with a powered FUCKGOATS, with BOTH RNG-TW (Analogue) modules installed. "
asciilifeform: speaking of which, asciilifeform finally discovered how to make a decay-based rng that doesn't wear out or need high voltage -- use PIN diode. the q was always what to use for an emitter, that won't be stolen by post office of half the globe. granite, it occurs to me, is probably a good bet.
Framedragger: also, ip packets with custom proto number would (1) stand out more easily to enemy, and could be more easily filtered out (vs. udp header with rng-data within) - see how chinese firewall blocked tor bridges etc etc; and (2) i'm sure quite a few appliances would filter them out by default (like how they filter out icmp, etc.)
asciilifeform: mircea_popescu: and yes, they are shipping as soon as crate of rng lids (due in today) is here.
asciilifeform: and distinguishes it from literally every other rng in existence .
asciilifeform: sorta how i hand-delivered sample rng to c3
asciilifeform: maybe, who the fuck knows, collect enough data re winblows rng defects, via a future 'uci', to break satoshi's keys.
asciilifeform: i.e. no known algo for constructing a known problem--solution pair, using rng, of ~known~ average complexity.
mircea_popescu: http://btcbase.org/log/2017-02-24#1617373 << the importance of this can't be understated. if f(x) = 4 it matters VERY little what 'rng" you feed f.
asciilifeform: (there is a red alarm lamp on the pcb to alert in case of analogue rng failure, but it is theoretically possible for the circuit to break outside of FUCKGOATS proper)
asciilifeform: see also http://qntra.net/2016/08/rng-whitening-bug-weakened-all-versions-of-gpg .
asciilifeform: veen: rng in gpg has serious problems , on top of using /dev/random
asciilifeform: i would say 'replace /dev/random in gpg source with /dev/fg and build' but the rng in gpg is monumentally retarded and i disrecommend its use entirely
a111: Logged on 2017-02-14 19:19 asciilifeform: specifically, for every byte you intend to send, you instead send two: x, y. which you generate by obtaining rng byte r, and payload byte b, and x := b xor r, y := r
asciilifeform was reading up on design & history of '/dev/random' and reeling at the lunacy of the very idea of multi-proggy rng pool
mircea_popescu: as per the very apt asciilifeform observation, rng flux === tty flux. there should be one rng per human, more or less.
asciilifeform: in vintage lulz, http://archive.is/4BNQN >> 'Recurring universally unique identifiers (UUIDs), as reported by the smolt hardware profiler client program, had some worried about problems in the kernel RNG. As it turns out, the problem exists in the interaction between Fedora 8 LiveCD installations and smolt – essentially the UUID came from the CD – but it sparked a discussion leading to some
asciilifeform: the good news is that you can stack up as many rng as you like...
asciilifeform: there is no limit to the parallelization (it is exactly (bytes in payload)/(the block size of the cipher) threads ) but you cannot generate a new ciphertext any faster than your rng will give it to you.
mircea_popescu: actually : the quality of the rng is the limit on the parallelization.
asciilifeform: at least one of the losses, however, is that you now need a serious rng on the transmitter.
mircea_popescu: provided your rng is good.
asciilifeform: specifically, for every byte you intend to send, you instead send two: x, y. which you generate by obtaining rng byte r, and payload byte b, and x := b xor r, y := r
asciilifeform: and not only in the sense of 'having 1 rng on the physical iron is braindamaged' but doing the mixing in a centralized place, known in advance to the enemy, is likewise idiotic
asciilifeform: while we're on the subj, i will say that reading from just ~one~ centralized rng, is braindamaged;
asciilifeform: hanbot: there are possible broad classes of diddled rng that will result in trivially breakable keys, but not phuctorable in the usual sense (without my knowing the trick)
a111: Logged on 2016-11-17 16:02 Framedragger: in fact.. due to https://hdm.io/tools/debian-openssl/ correctly pointing out that "This flaw is ugly because even systems that do not use the Debian software need to be audited in case any key is being used that was created on a Debian system.", someone should attempt botnet-brute-login to all 13M+ (i forget lol) ssh hosts with rng-fucked client keys.
asciilifeform: btw magnetic tape really shines in otp-land. it costs a penny a GB, and you can trivially write two tapes identically with same head (plugged into rng naturally), AND -- bonus -- can destroy it immediately when it comes out of read head.
asciilifeform: (consider one especially disastrous meltdown: in the merkle tree variant of lamport's signature scheme, you are hashing over RNG output. so if ANY collision whatsoever can be found, the enemy can forge signatures at will.)
asciilifeform: but even failing this, diffiehellman gives the other side a sample from your rng.
asciilifeform: the other interesting experiment, yet undone, is to generate ssh, ssl, pgp, etc. keys on some of the other os with known-broken rng -- e.g., freebsd 2010-2014 (or when was it), possibly other
asciilifeform: this came up in the rng whitening thread, but bears mentioning now and again
asciilifeform: i suspect that a good bit of crypto research was lobotomized by historic rng poverty.
asciilifeform: (a tape is just as likely to go left as right , if fed from rng )
mircea_popescu: i dunno, i have no actual math to show, but intuitively it seems to me the above "take 64 bytes of rng, iterate hash over the first 60 last 4-times and then use that as tape to pad message, then put padded message + 64 bytes in question in rsatron" is practically useful and theoretically strong.
asciilifeform: so one ~horrid~ padding algo would be to get a bitstring from my rng, xor the message to it, then send a message of 2x length of original consisting of: [the bitstring from rng][the result of the xor]
asciilifeform: so i hand-cranked the sequence using mircea_popescu's method, to agglomerate, forever, a record of the path through the tree. and he is right that this will keep the toposort from detecting a loop. but this is rather like whitening an rng, it confuses only the machine, but not the reader, who will see that the ~output~ resulting from following the path is identical.
mircea_popescu: but yes, imperial idiots actually do "rng verification" of software ~running on unspecified machines~.
asciilifeform: also it is strange to suppose that a casino player could take a legitimate interest in the rng of the game machine. it is intrinsically promisetronic, he is stuck taking the house's word for it.
asciilifeform: given as it is not physically possible to audit an analogue rng in the same sense as one can audit the digital board (i.e. by putting a TB of random through it, and comparing what comes out other end to the expected), i expect that plenty of folks will choose to build their own analogue unit.
phf: yeah, that's what it looks like. i wonder if in your explorations of state of rng you came across any official GCB evaluation of casino rngs, i don't know if those would even be public or have technical detail...
asciilifeform: mircea_popescu: aha, it is lovely, a FUCKGOATS rng board could run for year+ on one.
a111: Logged on 2016-12-17 23:11 mircea_popescu: incidentally asciilifeform : actual usecase for FUCKGOATS in eulora play : because the current mining software uses random to position the miner, the quality of the rng generator decides how likely you actually step outside of the coords you are. ie, if your rng is biased, you're more likely to go outside.
a111: Logged on 2016-12-17 23:08 mircea_popescu: http://btcbase.org/log/2016-12-17#1585289 << yeah i was thinking mammal rng is prolly not a bad idea
mircea_popescu: incidentally asciilifeform : actual usecase for FUCKGOATS in eulora play : because the current mining software uses random to position the miner, the quality of the rng generator decides how likely you actually step outside of the coords you are. ie, if your rng is biased, you're more likely to go outside.
a111: Logged on 2016-12-17 20:37 asciilifeform: re: analogue rng, let's say you have a rat in a cage, want to use him for rng. you give him a toggle to press, connect it between 'out' and 'ground', with a pull-up to 'power' (10Kohm or more).
mircea_popescu: http://btcbase.org/log/2016-12-17#1585289 << yeah i was thinking mammal rng is prolly not a bad idea
asciilifeform: re: analogue rng, let's say you have a rat in a cage, want to use him for rng. you give him a toggle to press, connect it between 'out' and 'ground', with a pull-up to 'power' (10Kohm or more).
asciilifeform: Framedragger: short version of the story goes like this. our analogue rng is an analogue device, and is not synched with anything! so it occasionally violates the hold time constraint of any digital circuit it happens to be plugged into
mircea_popescu: "you mean the rng tool can't even keep fucking time ?" "aha"
asciilifeform: phf: my sense of joke will come back when i'm done hand-testing the rng boards tonight and finally vacuum seal the last of'em
asciilifeform: say mr.crate opens his crate and finds rng that spew out marsaglia instead of trng bits.
asciilifeform: and tmsr-rsa needs rng.
asciilifeform: btw phun phakt for mircea_popescu -- you can plug the original v1 green rng into that thing, and it'll run
mircea_popescu: i mean... we pay $$$ to generate rng. how did the computer generate 5mb to pad what alf declares "minuscule" ?
mircea_popescu: lol javascript rng stronger jesus christ.
asciilifeform: for instance, it demands RDRANDtronic quantities ( see also http://btcbase.org/log/2016-12-05#1577952 ) of rng, and -- if only finds a traditional linux /dev/random, the kind that weeps a few bytes/sec -- complains loudly...
asciilifeform: and my rating ' mircea_popescu : +9999: best buddy, died in vietnam but not forgotten , my only trustworthy supplier of mersenne primes, there shall be no more but those he signed for me ' is equally 'fact' and certifiable as any rng bit
mircea_popescu: asciilifeform nothing transforms the rng bits into fact. they were fact, from the beginning, owing to the absence of meaning.
asciilifeform: sooo pray tell why the transformator that can turn rng bits into fact, breaks its teeth against a rategram.
mircea_popescu: asciilifeform a pile of rng bits IS a fact.
asciilifeform: i'm with trinque re 'a signed opinion is a fact.' if i take 1TB from my rng and sign it, that is a perma-fossilized piece of my volition.
asciilifeform: i still wonder how come nobody, afaik, ever even once sold rng where the debiaser and analogue halves came apart.
a111: Logged on 2016-12-01 15:54 asciilifeform: (idiot pgp still needs 256 rng bits for aes session keys, when transmitting, and this is own can of lolworms)
asciilifeform: (idiot pgp still needs 256 rng bits for aes session keys, when transmitting, and this is own can of lolworms)
shinohai: Maybe they need an rng to generate a key first. >.>