log
500+ entries in 0.431s
Framedragger: also, ip packets with custom proto number would (1) stand out more easily to enemy, and could be more easily filtered out (vs. udp header with rng-data within) - see how chinese firewall blocked tor bridges etc etc; and (2) i'm sure quite a few appliances would filter them out by default (like how they filter out icmp, etc.)
asciilifeform: mircea_popescu: and yes, they are shipping as soon as crate of rng lids (due in today) is here.
asciilifeform: and distinguishes it from literally every other rng in existence .
asciilifeform: sorta how i hand-delivered sample rng to c3
asciilifeform: maybe, who the fuck knows, collect enough data re winblows rng defects, via a future 'uci', to break satoshi's keys.
asciilifeform: i.e. no known algo for constructing a known problem--solution pair, using rng, of ~known~ average complexity.
mircea_popescu: http://btcbase.org/log/2017-02-24#1617373 << the importance of this can't be understated. if f(x) = 4 it matters VERY little what 'rng" you feed f.☝︎
asciilifeform: (there is a red alarm lamp on the pcb to alert in case of analogue rng failure, but it is theoretically possible for the circuit to break outside of FUCKGOATS proper)
asciilifeform: see also http://qntra.net/2016/08/rng-whitening-bug-weakened-all-versions-of-gpg .
asciilifeform: veen: rng in gpg has serious problems , on top of using /dev/random
asciilifeform: i would say 'replace /dev/random in gpg source with /dev/fg and build' but the rng in gpg is monumentally retarded and i disrecommend its use entirely
a111: Logged on 2017-02-14 19:19 asciilifeform: specifically, for every byte you intend to send, you instead send two: x, y. which you generate by obtaining rng byte r, and payload byte b, and x := b xor r, y := r
asciilifeform was reading up on design & history of '/dev/random' and reeling at the lunacy of the very idea of multi-proggy rng pool
mircea_popescu: as per the very apt asciilifeform observation, rng flux === tty flux. there should be one rng per human, more or less.
asciilifeform: in vintage lulz, http://archive.is/4BNQN >> 'Recurring universally unique identifiers (UUIDs), as reported by the smolt hardware profiler client program, had some worried about problems in the kernel RNG. As it turns out, the problem exists in the interaction between Fedora 8 LiveCD installations and smolt – essentially the UUID came from the CD – but it sparked a discussion leading to some
asciilifeform: the good news is that you can stack up as many rng as you like...
asciilifeform: there is no limit to the parallelization (it is exactly (bytes in paylod)/(the block size of the cipher) threads ) but you cannot generate a new ciphertext any faster than your rng will give it to you.
mircea_popescu: actually : the quality of the rng is the limit on the parallelization.
asciilifeform: at least one of the losses, however, is that you now need a serious rng on the transmitter.
mircea_popescu: provided your rng is good.
asciilifeform: specifically, for every byte you intend to send, you instead send two: x, y. which you generate by obtaining rng byte r, and payload byte b, and x := b xor r, y := r
asciilifeform: and not only in the sense of 'having 1 rng on the physical iron is braindamaged' but doing the mixing in a centralized place, known in advance to the enemy, is likewise idiotic
asciilifeform: while we're on the subj, i will say that reading from just ~one~ centralized rng, is braindamaged;
asciilifeform: hanbot: there are possible broad classes of diddled rng that will result in trivially breakable keys, but not phuctorable in the usual sense (without my knowing the trick)
a111: Logged on 2016-11-17 16:02 Framedragger: in fact.. due to https://hdm.io/tools/debian-openssl/ correctly pointing out that "This flaw is ugly because even systems that do not use the Debian software need to be audited in case any key is being used that was created on a Debian system.", someone should attempt botnet-brute-login to all 13M+ (i forget lol) ssh hosts with rng-fucked client keys.
asciilifeform: btw magnetic tape really shines in otp-land. it costs a penny a GB, and you can trivially write two tapes identically with same head (plugged into rng naturally), AND -- bonus -- can destroy it immediately when it comes out of read head.
asciilifeform: (consider one especially disastrous meltdown: in the merkle tree variant of lamport's signature scheme, you are hashing over RNG output. so if ANY collision whatsoever can be found, the enemy can forge signatures at will.)
asciilifeform: but even failing this, diffiehellman gives the other side a sample from your rng.
asciilifeform: the other interesting experiment, yet undone, is to generate ssh, ssl, pgp, etc. keys on some of the other os with known-broken rng -- e.g., freebsd 2010-2014 (or when was it), possibly other
asciilifeform: this came up in the rng whitening thread, but bears mentioning now and again
asciilifeform: i suspect that a good bit of crypto research was lobotomized by historic rng poverty.
asciilifeform: (a tape is just as likely to go left as right , if fed from rng )
mircea_popescu: i dunno, i have no actual math to show, but intuitively it seems to me the above "take 64 bytes of rng, iterate hash over the first 60 last 4-times and then use that as tape to pad message, then put padded message + 64 bytes in question in rsatron" is practically useful and theoretically strong.
asciilifeform: so one ~horrid~ padding algo would be to get a bitstring from my rng, xor the message to it, then send a message of 2x length of original consisting of: [the bitstring from rng][the result of the xor]
asciilifeform: so i hand-cranked the sequence using mircea_popescu's method, to agglomerate, forever, a record of the path through the tree. and he is right that this will keep the toposort from detecting a loop. but this is rather like whitening an rng, it confuses only the machine, but not the reader, who will see that the ~output~ resulting from following the path is identical.
mircea_popescu: but yes, imperial idiots actually do "rng verification" of software ~running on unspecified machines~.
asciilifeform: also it is strange to suppose that a casino player could take a legitimate interest in the rng of the game machine. it is intrinsically promisetronic, he is stuck taking the house's word for it.
asciilifeform: given as it is not physically possible to audit an analogue rng in the same sense as one can audit the digital board (i.e. by putting a TB of random through it, and comparing what comes out other end to the expected), i expect that plenty of folks will choose to build their own analogue unit.
phf: yeah, that's what it looks like. i wonder if in your explorations of state of rng you came across any offical GCB evaluation of casino rngs, i don't know if those would even be public or have technical detail...
asciilifeform: mircea_popescu: aha, it is lovely, a FUCKGOATS rng board could run for year+ on one.
a111: Logged on 2016-12-17 23:11 mircea_popescu: incidentally asciilifeform : actual usecase for FUCKGOATS in eulroa play : because the current mining software uses random to position the miner, the quality of the rng generator decides how likely you actually step outside of the coords you are. ie, if your rng is biased, you're more likely to go outside.
a111: Logged on 2016-12-17 23:08 mircea_popescu: http://btcbase.org/log/2016-12-17#1585289 << yeah i was thinking mammal rng is prolly not a bad idea
mircea_popescu: incidentally asciilifeform : actual usecase for FUCKGOATS in eulroa play : because the current mining software uses random to position the miner, the quality of the rng generator decides how likely you actually step outside of the coords you are. ie, if your rng is biased, you're more likely to go outside.
a111: Logged on 2016-12-17 20:37 asciilifeform: re: analogue rng, let's say you have a rat in a cage, want to use him for rng. you give him a toggle to press, connect it between 'out' and 'ground', with a pull-up to 'power' (10Kohm or more).
mircea_popescu: http://btcbase.org/log/2016-12-17#1585289 << yeah i was thinking mammal rng is prolly not a bad idea☝︎
asciilifeform: re: analogue rng, let's say you have a rat in a cage, want to use him for rng. you give him a toggle to press, connect it between 'out' and 'ground', with a pull-up to 'power' (10Kohm or more).
asciilifeform: Framedragger: short version of the story goes like this. our analogue rng is an analogue device, and is not synched with anything! so it occasionally violates the hold time constraint of any digital circuit it happens to be plugged into
mircea_popescu: "you mean the rng tool can't even keep fucking time ?" "aha"
asciilifeform: phf: my sense of joke will come back when i'm done hand-testing the rng boards tonight and finally vacuum seal the last of'em
asciilifeform: say mr.crate opens his crate and finds rng that spew out marsaglia instead of trng bits.
asciilifeform: and tmsr-rsa needs rng.
asciilifeform: btw phun phakt for mircea_popescu -- you can plug the original v1 green rng into that thing, and it'll run
mircea_popescu: i mean... we pay $$$ to generate rng. how did the computer generate 5mb to pad what alf declares "minuscle" ?
mircea_popescu: lol javascript rng stronger jesus christ,.
asciilifeform: for instance, it demands RDRANDtronic quantities ( see also http://btcbase.org/log/2016-12-05#1577952 ) of rng, and -- if only finds a traditional linux /dev/random, the kind that weeps a few bytes/sec -- complains loudly...☝︎
asciilifeform: and my rating ' mircea_popescu : +9999: best buddy, died in vietnam but not forgotten , my only trustworthy supplier of mersenne primes, there shall be no more but those he signed for me ' is equally 'fact' and certifiable as any rng bit
mircea_popescu: asciilifeform nothing transforms the rng bits into fact. they were fact, from the beginning, owing to the absence of meaning.
asciilifeform: sooo pray tell why the transformator that can turn rng bits into fact, breaks its teeth against a rategram.
mircea_popescu: asciilifeform a pile of rng bits IS a fact.
asciilifeform: i'm with trinque re 'a signed opinion is a fact.' if i take 1TB from my rng and sign it, that is a perma-fossilized piece of my volition.
asciilifeform: i still wonder how come nobody, afaik, ever even once sold rng where the debiaser and analogue halves came apart.
a111: Logged on 2016-12-01 15:54 asciilifeform: (idiot pgp still needs 256 rng bits for aes session keys, when transmitting, and this is own can of lolworms)
asciilifeform: (idiot pgp still needs 256 rng bits for aes session keys, when transmitting, and this is own can of lolworms)
shinohai: Maybe they need an rng to generate a key first. >.>
a111: Logged on 2016-10-05 17:22 trinque: http://btcbase.org/log/2016-10-05#1553270 << I would buy an in-WoT RNG yesterday.
trinque: with the RNG asciilifeform is going to sell me
Framedragger: in fact.. due to https://hdm.io/tools/debian-openssl/ correctly pointing out that "This flaw is ugly because even systems that do not use the Debian software need to be audited in case any key is being used that was created on a Debian system.", someone should attempt botnet-brute-login to all 13M+ (i forget lol) ssh hosts with rng-fucked client keys.
Framedragger: http://log.mkj.lt/trilema/20161117/#508 << someone with time on their hands should write script to attempt logins at all of these with rng-fucked ssh keys (available at https://hdm.io/tools/debian-openssl/ i think though did not check, or re-gen themselves, shouldnt be hard)!☝︎
mircea_popescu: asciilifeform i can't, not really. as pissed off as i/anyone can be, "What I currently see as best option is to actually comment out those 2 lines of code. But I have no idea what effect this really has on the RNG. The only effect I see is that the pool might receive less entropy. But on the other hand, I'm not even sure how much entropy some unitialised data has. What do you people think about removing those 2 lines of code?
Framedragger: mircea_popescu may be interested to read about how it happened. i think it was some developer-helper tool / linter / sth which showed an 'unused var'? and dev removed it. and broke rng
asciilifeform: 'break console auth', 'rot rng',...
a111: Logged on 2014-05-29 17:55 asciilifeform: i really can't fathom the purpose of buying a mystery meat hardware rng. if you're willing to eat mystery meat, why not use the vlsi turd found in current cpu?
thestringpuller: looking through my research there doesn't seem to be a conclusion to hardware RNG thread
ben_vulpes: asciilifeform: rng on this machine is dog slow, since http://btcbase.org/log/2016-10-15#1555745 shitball.bin has only amassed 22k of noise☝︎
trinque: http://btcbase.org/log/2016-10-05#1553270 << I would buy an in-WoT RNG yesterday.☝︎
asciilifeform: will have to look into their rng at some point.
asciilifeform: i ask because on any of my boxes with linux 3.x, i get maybe 1kB/minute from /dev/random unless i have rng plugged in.
asciilifeform: also this was running on a box with iron rng?
adlai: it should be ~unique each time you run the rng, but if your 'entropy' source is a piece of data (public key), doesn't your rng turn into a p-rng?
mircea_popescu: what is the output of rng ?
a111: Logged on 2016-09-27 16:39 mircea_popescu: this doesn't matter so much, future cryptosystem will be made on the basis of rng ; rng can work with pubkey as entropy source.
adlai: asciilifeform: very cool little tool! but rereading the logs, i'm unclear what mircea_popescu means by "on the basis of rng" http://btcbase.org/log/2016-09-27#1549184☝︎
asciilifeform: at least partly the purpose of this piece is to make the reader understand that his household is short on rng bitz.
mircea_popescu: J.sign("Here's the laydown : 1. rsa got fucked, this is the process to exrtract privkey from pubkey ; 2. message so-and-so on deedbot was creating by so-hashing this salt and this pubkey ; 3. this here key J was created by using cryptoisystem ? with rng = privkey.K, which guarantees i am the one that made it ; 4. please use this here J' in future")
mircea_popescu: this doesn't matter so much, future cryptosystem will be made on the basis of rng ; rng can work with pubkey as entropy source.
asciilifeform: feed the thing validly checksummed but otherwise from rng packets, at line rate
asciilifeform: in other 'news', heathen 'rng design' folk write what aaaaaalmost looked like good intro to subj, https://forum.stanford.edu/events/2016/slides/iot/Ben.pdf , until the mindfuck 'Want to keep generating entropy bits without needing to keep powering the HWRNG Use HWRNG to seed a PRNG (AES counter mode)...'
asciilifeform: the part mircea_popescu took issue with was, as i understand, the mapping of 'rng that broadcasts to planet' into 'ip network' (which does not have such a thing as broadcast.)
asciilifeform: it is foolish to design for 'what if my rng silently fails'. it is a 'jesus bolt' failure
mircea_popescu: thinking being that if the all-xored-with-key packet is specifically known, observer has some advantage in detecting underperforming rng ; but if it's not known then not so much.
asciilifeform: i know of ZERO exceptions to 'hey dudebroz, i built rng!111 and here's how i whitened, because MUST...'
asciilifeform: phf: five bucks and a soldering iron buys you a very acceptable rng.
asciilifeform: i guess she only does bad-rng, and not absent-primality-test...
asciilifeform: 'GB-OS has standard UTM features which can be augmented with subscription options that enhance the firewall capabilities. ' << can chump buy a working rng??
asciilifeform: how about broken rng detection, imbeciles ?
asciilifeform: http://btcbase.org/log/2016-09-05#1534601 << freebsd did same, and at the same time removed ~all~ entropy from rng. and distributed this crock of shit for year+.☝︎
asciilifeform: the abortion discussed in the recent rng thread.
asciilifeform: mircea_popescu: typically the key used for actually logging in is generated on same box. with same braindamaged rng. hopefully i dun need to draw a picture, it makes sense
asciilifeform: and could potentially blow considerably (say, 100,000x) moar, if we knew the mechanism (e.g. 'marsaglia rng seeded with last 16 bits of time stamp at first boot) which produced them.
asciilifeform: mircea_popescu: the major point re the Framedragger keyz, is that if going by the usual braindamaged-rng hypothesis, we are uncovering a small % of phuctorables.