log☇︎
500+ entries in 0.143s
bvt: dorion: slowly getting back into shape after vacations, so far some workslots got sacrificed for more sports. other than that, on the vacation i started to write a v implementation that would not have the performance issue; while it's 90% done, need to invest some more time to finish it. after that, will port the fg-rng to 2.6.32
bvt: porting rng to 2.6 kernel should indeed be not too hard, the only thing i may need adaptation is kfifo api (iirc it's api changed at some point, which may break the code)
ossabot: Logged on 2020-01-12 12:47:24 dorion: mircea_popescu in light of never moving off linux 2.x series, it seems to me bvt ought to port his rng work from 4.9.95 it currently sits on to 2.x.
dorion: mircea_popescu in light of never moving off linux 2.x series, it seems to me bvt ought to port his rng work from 4.9.95 it currently sits on to 2.x.
dorion_road: Gales Linux was released last month (which I've used for a couple years by now), bvt and skyped are giving it a spin this month and
dorion_road: bvt I left a comment that's in your mod queue http://bvt-trace.net/2019/12/keccak-hashing-for-kernel-rng/comment-page-1/#comment-100
feedbot: http://bvt-trace.net/2019/12/keccak-hashing-for-kernel-rng/ << bvt's backtrace -- Keccak Hashing for Kernel RNG
bvt: mircea_popescu: even bigger problem for kernel http://bvt-trace.net/2019/10/fg-fed-linux-rng/?b=Pressing&e=though#select
bvt: dorion_road: the kernel rng vpatch will be finished on this weekend (i have all the components in the benchmarking blogpost, just need to clean things up).
dorion_road: bvt What is the status of the last vpatch for the RNG series?
bvt: ty, i guess after the article it will become possible to decide what to use for each of the hashes; after that one more patch - user-settable key for hashing, and rng work will be done
snsabot: Logged on 2019-11-12 22:03:27 mircea_popescu: bvt, once done fixing the kernel rng, you wana join in this fray by the way ?
mircea_popescu: bvt, once done fixing the kernel rng, you wana join in this fray by the way ?
mircea_popescu: so concretely, lobbes is supposed to deliver that botthing soonish ; you're doing the above, bvt is beating rng into the kernel, BingoBoingo is getting himself out of the 2nd failed reboot of isp
ossabot: Logged on 2019-11-04 15:29:03 mp_en_viaje: incidentally, it occurs to me, bvt had just completed a large pile of work re getting the fg in the kernel.
mp_en_viaje: incidentally, it occurs to me, bvt had just completed a large pile of work re getting the fg in the kernel.
mp_en_viaje: anyway, to put at least one rng'd insanity to rest explicitly : i work women rather than men not because women are weaker than men, but because women are stronger than men. if this weren't the case i'd simply be gay, no question about it.
ossabot: Logged on 2019-10-22 02:32:27 mp_en_viaje: i also kinda like the idea of permitting each user to pick his own rng-hash-crypto key.
ossabot: Logged on 2019-10-22 02:29:31 mp_en_viaje: http://bvt-trace.net/2019/10/fg-fed-linux-rng/ << the most important q here is, are we going to mandate serpent ? or are we going to permit legacy sha1/chacha ?
ossabot: Logged on 2019-10-22 02:32:27 mp_en_viaje: i also kinda like the idea of permitting each user to pick his own rng-hash-crypto key.
ossabot: Logged on 2019-10-22 02:29:31 mp_en_viaje: http://bvt-trace.net/2019/10/fg-fed-linux-rng/ << the most important q here is, are we going to mandate serpent ? or are we going to permit legacy sha1/chacha ?
ossabot: Logged on 2019-10-22 06:24:44 mp_en_viaje: diana_coman, a) to avoid the sha1-powered contraction ; b) to reject, discontinue and clearly mark as untenable pantsuit heritage ; c) to disrupt any possible legacy of usgistani shenanigans in the output ; d) to give meaning to the notion of computer identity ("a computer's key is the hash of the sig it uses to serpent its rng code") and e) for simplicity (one mechanism instead of two as now)
mp_en_viaje: diana_coman, a) to avoid the sha1-powered contraction ; b) to reject, discontinue and clearly mark as untenable pantsuit heritage ; c) to disrupt any possible legacy of usgistani shenanigans in the output ; d) to give meaning to the notion of computer identity ("a computer's key is the hash of the sig it uses to serpent its rng code") and e) for simplicity (one mechanism instead of two as now)
mp_en_viaje: i also kinda like the idea of permitting each user to pick his own rng-hash-crypto key.
mp_en_viaje: http://bvt-trace.net/2019/10/fg-fed-linux-rng/ << the most important q here is, are we going to mandate serpent ? or are we going to permit legacy sha1/chacha ?
feedbot: http://bvt-trace.net/2019/10/fg-fed-linux-rng/ << bvt's backtrace -- FG-fed Linux RNG
bvt: hi. i intend to finish the kernel rng work end of next week - then will do a dissection-writeup on what i did + vpatch. i also have to setup mpwp somewhere - this may take a bit of additional time.
ossabot: Logged on 2019-10-11 11:43:50 asciilifeform: if mp_en_viaje , diana_coman , et al, ran the risk/roi calculation and it only came out in favour of FG vs. intel rng because thought that piz could never die or that iron can be teleported , but w/ dead piz and realization that cannot be teleported -- goes other way, then so wills allah -- but asciilifeform objects to the accusation of 'scam'. erryone knew for what signed up.
asciilifeform: if mp_en_viaje , diana_coman , et al, ran the risk/roi calculation and it only came out in favour of FG vs. intel rng because thought that piz could never die or that iron can be teleported , but w/ dead piz and realization that cannot be teleported -- goes other way, then so wills allah -- but asciilifeform objects to the accusation of 'scam'. erryone knew for what signed up.
asciilifeform pictures inv bill for storage of 1x1cm rng
asciilifeform: unless to count a 2013 prototype rng, the size of postage stamp.
ossabot: Logged on 2019-10-08 05:47:08 mp_en_viaje: it's a hardware rng. i'd link you the specsheet / pics etc but atm its site is down
diana_coman: maxim_mivo: the fg is a hardware rng and it can be connected to any USB port but for colocated machines it will most likely be inside already ie not an external thing
mp_en_viaje: it's a hardware rng. i'd link you the specsheet / pics etc but atm its site is down
asciilifeform: and to smg i'd also recommend to use the same, but is decision not for me but for mp_en_viaje & co, if they'd rather host on intel w/ ipmi and intel rng, is not my biz
asciilifeform: at any rate insect moar relies on 'horizontal' ('there's many wasps') 'rng', than 'vertical' ('if rnd()<0.99 then check_nest()' etc) rng.
mp_en_viaje: asciilifeform, precisely. the "lacks rng" could very well be entirely artefact of perception.
asciilifeform: mp_en_viaje: poor model, transistor, it's ~nuffin BUT rng when 'out of the box'
mp_en_viaje: this could be like saying "it's weird individual transistors lack rng"
asciilifeform: it is interesting that wasp seems to lack 'rng'. asciilifeform does not know why, or what sorta evolutionary sense it makes.
snsabot: Logged on 2019-01-15 12:35:38 asciilifeform: you represent the inputs ( any # of'em ) via stochasticizers, i.e. each 1 gets a comparator that eats N bits of rng and outputs a 1 if they represent integer <= the currently latched binary number, 0 otherwise.
asciilifeform: ( if fuel is not a concern, fly all 10 and xor'em!1111 -- in all seriousness, rng is perhaps the easiest part known to man where to implement redundancy )
bvt: hi. for me, the meatworld events mentioned in http://bvt-trace.net/2019/08/fg-fed-linux-rng-work-schedule/ are over, i am continuing active fg-kernel work
snsabot: Logged on 2019-09-19 05:47:32 mircea_popescu: trying to meta-smart, pseudothinking in your dumb head "if i were a literary character and these things happened to me, what'd it mean about the script" will not only fail to deliver any useful predictions (in the sense that it'll work EXACTLY as well as a RNG-choice, to perfectly fuck you over), but it will actually prevent you from deriving any benefits from the circumstance you're NOT a fucking literary char
mircea_popescu: trying to meta-smart, pseudothinking in your dumb head "if i were a literary character and these things happened to me, what'd it mean about the script" will not only fail to deliver any useful predictions (in the sense that it'll work EXACTLY as well as a RNG-choice, to perfectly fuck you over), but it will actually prevent you from deriving any benefits from the circumstance you're NOT a fucking literary character.
snsabot: Logged on 2019-06-07 16:36:15 asciilifeform: ( the 1 annoying aspect of lysotronic fg as currently drawn, is that it gets the +45v bias voltage for the detector, from batteries, as asciilifeform does not know of a 'rng safe' method to generate it from +5 without oscillators )
bvt: asciilifeform: if you recall, this was my original plan, however i got impression from 'part of kernel & welded shut' here http://bvt-trace.net/2019/08/fg-fed-linux-rng-work-schedule/comment-page-1/#comment-44 that everything should be inside
feedbot: http://bvt-trace.net/2019/08/bits-and-pieces-of-linux-rng/ << bvt's backtrace -- Bits and pieces of Linux RNG
bvt: hi, sorry for delay on the linux rng post, it is in fact ~ready, but i need one more day for proofreading
asciilifeform: typical cheats, in so far as they reach the open literature, involve the coin dispenser, rather than rng per se.
asciilifeform: the other interesting casinoism is that in usa, rng is a sealed box provided by usg. but iirc had already thread about this, in '13
asciilifeform: imho mobo oughta have dedicated socket for rng. but we aint yet there.
mircea_popescu: cuz all boxes must be rng
asciilifeform: 'make artificially easy for os and whatever ears on walls it came with, to know which box is rng'
asciilifeform: btw before it gets lost , this was imho good point.
asciilifeform: at one pt i experimented with, among other lulz, playing suspect-rng via headphone , to find regularities
bvt: after ffa I will have a look at other things (like ripping out kernel rng, having another look at gnat-arm64 internals, as it seems there is no ongoing work on this front atm). i expect to get something useful as a result, and maintain it in long term.
a111: Logged on 2018-10-12 17:36 asciilifeform: ( my sim -- converged!11 -- when i fed it... don lancaster's geiger rng tarball. )
asciilifeform: ftr i have nuffin against public rng per se, one of which i used to good effect, albeit naturally not for crypto, in early 2000s ☝︎
asciilifeform: thing actually does a deedbot-style rng turd decrypt/confirm when pressed
asciilifeform: ( the 1 annoying aspect of lysotronic fg as currently drawn, is that it gets the +45v bias voltage for the detector, from batteries, as asciilifeform does not know of a 'rng safe' method to generate it from +5 without oscillators )
asciilifeform: mechanism, for thread-completeness.
asciilifeform: meanwhile, thinking moar re this item : the two tests make roughly comparable demand on rng: 3582 * (2048 / 8) byte == 916992 bytes (single 2048 gcd) ; 3155 * (2048 / 8) == 807680 byte ; ☝︎
asciilifeform: 1 moar hypothesis : on boxes where very slow rng (e.g. fg unavailable ) or where heavily milked fg, generating e.g. ephemeral rsa privs with high frequency, economy may be much greater, as fewer doomed m-r shots means fewer '?' invocations for their witnesses gen.
asciilifeform: for both cases, 'rng' was file of first 1MB from http://nosuchlabs.com/fg/nosuchlabs_FG_1024MB_phreesample.bin .
asciilifeform: 'if I wanted to influence your RNG I would attack it at the von neumann fair toss algorithm, by ensuring that I have control over pairs of outputs somehow.' << didjaknow!111
asciilifeform: ( iirc this was when mircea_popescu persuaded asciilifeform that oughta make an rng... )
asciilifeform: certainly terrible idea, if yer using e.g. the onboard rng.
mp_en_viaje: http://btcbase.org/log/2019-04-06#1907157 << so far all that's actually been decided is the rng source (no, no tpossible to have sane iron w/o rng). ☝︎
asciilifeform: dunno, imagined that somewhere someone 1) has hands growing from torso, not arse 2) wants rng 3) likes to blog re builds
asciilifeform: ( also ougta add, that if extended riemann is troo , then the supposition that 'for erry finite set of witnesses, can produce a p for which they all lie' is not , and the rng component of m-r would then be redherring )
asciilifeform: cuz 'avoids 3/4 of space' is equiv to , e.g., rng that never produces string '00', '01', '10' for any 2 bits of output
asciilifeform: nao the q becomes, you later look at what came out of the wire. is it possible to conceive of a 'rng test' that the output would not (for particular p , taken as constant) fail ?
mircea_popescu: "from actual rng per [naive interpretation] of m-r claims", but w/e.
asciilifeform: so erry time you milk the wire for a witness, he gives you ( with some probability higher than what you would expect from actual rng per the orig m-r ) a false witness , erry time.
asciilifeform: suppose you have candidate p , generated with what you consider to be a working (i.e. uniform) rng , with no interference from devils.
asciilifeform: sure enuff, but seems to me that asking for an object that appears to pass even elementary (e.g. 'pi dart') rng smoke test, while actually avoids 3/4 of the phase space in its output, is like asking for a 2 which is also a 3 .
mircea_popescu: asciilifeform, they're not equally distributed. here's what i propose : take a rng run, ent ; then take out all carmichael numbers from it, run ent. then see if you can tell which is which.
asciilifeform: fwiw however i cannot presently think of any rng test, even the dumbest ones in the 'dieharder' collection, that wouldn't barf at a rng which avoids 3/4 (or any similar proportion) chunk of the integer number line
asciilifeform: ( like all other possible rng tests, presupposes that the device is in fact an rng, rather than e.g. tape playing back an old rng run while enemy dies of laughter )
asciilifeform: incidentally, litmus where you pluck a string of N bits from rng, and then look for the expected distribution of m-r liars ( or apparent primality ) is itself a notbad, imho, rng test
mircea_popescu: but yes, the relation you unearth is sound. the problem or set thereof i started discussing is exactly homomorphic to "well, we have no proper rng tests, "ou'll have to take the girl by the nose, count, and break out the abacuses.")
mircea_popescu: yes, "you do not even know what a working rng mathematically means"
asciilifeform: well yes, q is re ~definition~ of 'working rng', as an abstract object
mircea_popescu: your rng working or not is aside the point ; we're discussing here random numbers as a mathematical abstraction, we're not even counting "well, your set of 4, 4, 4, 4 is not exactly an implementation of that abstraction"
asciilifeform: ( and applies equally to the candidate # , and to any other application of rng )
asciilifeform: so is the idea 'you cannot know whether yer rng actually worx?' cuz then i must agree
asciilifeform: i can't see any path to 'magically fails 32 shots despite working uniform rng' without rejecting the 3/4
asciilifeform: say you have n for which the entire bottom quarter of the 2048bit witness space is liar. how does this prevent working rng from still finding working witness in the expected # of shots ?
asciilifeform: how does 'contiguous set of liars' play into scenario with working rng ?
mircea_popescu: the bound presumes a flat spectrum rng and properties of large sets of random numbers that ~have not been proven~, though they are experimentally VERY reliable.
asciilifeform: correct, the bound presumes a flat-spectrum rng.
asciilifeform: this type of failure hinges on imperfection of rng, rather than hidden boojum in m-r
asciilifeform: to the point that i'm at a loss to construct a crackpot hypothesis for the negative ( what would the loch ness monster here look like ? erry composite n, we know has 3+ / 4 of integers as proper witnesses. so where wouldja hide'em so that working rng doesn't find 1 in 32 shots before asteroid hits machine ? )
asciilifeform: all we have is the http://btcbase.org/log/2019-03-28#1905286 ( from elementary proof ) + the observation that nobody ( or at least not asciilifeform ) has ever found a composite that doesn't properly light up m-r 'composite!' indicator for 3+ / 4 rng stabs. ☝︎
mircea_popescu: in any case, it seems to me that the a witnesses MUST be generated as rng(0, 2^4096) rather than rng (2^4095, 2^4096).
asciilifeform: koch et al shat out his 'fixed witnesses' thing, and folx ate it largely cuz rng poverty. which we dun suffer from.
a111: Logged on 2016-09-11 22:50 asciilifeform: it is foolish to design for 'what if my rng silently fails'. it is a 'jesus bolt' failure
asciilifeform: when we 1st had m-r thread, i also considered a hybrid algo, where you take e.g. 32 rng witnesses, and 32 that are kept in bottle and known only to you , for 64-shot test that is slightly moar immune to rng failure. but then thought 'rng is jesus bolt, if fails, yer candidate is also fucked' so couldn't think of why to do such a thing.
asciilifeform: whereas if you actually lift 32+ rng witnesses from a working rng (as in asciilifeform's demo, or diana_coman's proggy, and elsewhere where not koch.. ) actually converges (for so long as you actually have working rng)