mircea_popescu: douchebag, 99% of criminals hacking companies are working for a criminal organisation calling itself "the united states government", and 99% of the time their hacks include some rng-breaking component.
a111: Logged on 2018-03-28 19:32 asciilifeform: funnily enuff, if working rng were standard on pc, 128bits from it would give unique-gensym ( the supposed problem , according to the gcc nitwits, with mktemp , is collision ) without O(N) searching ( as in mkstemp) with probability ~1
asciilifeform: recall, we already had a 'set top bit and nexprime()' bunch: http://qntra.net/2016/08/phuctor-finds-seven-keys-produced-with-null-rng-and-other-curiosities
asciilifeform: and by extension, for instance, rng ( witness the lack of excitement among heathens in re fg, for instance : 'expensive, and what exactly does this do that my intel doesn't')
asciilifeform: ( http://qntra.net/2016/08/phuctor-finds-seven-keys-produced-with-null-rng-and-other-curiosities in vintage lulz ; still digging for the item above )
asciilifeform: ( where you apply a magictransform to the whole rfc4880 turd, to get a lattice and get the privs; or at the very least, diddled rng that gives e.g. 48 bits of possible keyspace, so nobody finds straight collision, but their asic can walk it, or the like.
asciilifeform: since the debian incident, enemy stepped up the 'NOBUS' crapola; no moar '32768 possible keys, total', instead things moar in the spirit of http://qntra.net/2016/08/rng-whitening-bug-weakened-all-versions-of-gpg
deedbot: http://www.dianacoman.com/2018/05/03/eucrypt-chapter-13-smg-rng/ << Ossasepia - EuCrypt Chapter 13: SMG RNG
ben_vulpes: http://logs.bvulpes.com/trilema?d=2018-5-2#346916 << "On a system I'm testing on, in practice, the RNG just reads the DMI table and then, since the DMI table is way bigger than 64 bytes, immediately moves to crng_init==1 without using even a single sample of interrupt randomness."
asciilifeform: illustration, so to speak, of the connection b/w 'physical' entropy and the rng one
asciilifeform: there is afaik no adult rng on board ( in what, exactly, is there one ? ) but it has usb socket for FG; and the typical shit webcam for gurl-powered rng in principle.
danielpbarron: diana_coman, a package called sys-apps/rng-tools has a thing called 'rngd'
a111: Logged on 2018-04-22 17:46 asciilifeform: d00d spends his days having 2way convos with his rng.
asciilifeform: d00d spends his days having 2way convos with his rng.
zx2c4: in other words, the kernel's built-in RNG
asciilifeform: since you mentioned rng : what source of rng does your system use in a typical configuration ?
zx2c4: when the RNG is backdoored, the ephemerals are compromised, but not necessarily the statics
asciilifeform: 1 caveat re 'brute force needs machine the size of 10^bignum universes running for 10^biggernum yrs' is that it presumes a flat keyspace. whereas if instead you can exclude large chunks ( because, e.g., winblowz rng is known to never output'em , or some other likewise ) ...
asciilifeform: funnily enuff, if working rng were standard on pc, 128bits from it would give unique-gensym ( the supposed problem , according to the gcc nitwits, with mktemp , is collision ) without O(N) searching ( as in mkstemp) with probability ~1
asciilifeform: ideally would want also not merely 'all 0' and 'all 1' but rng, and then to plot time vs hammingweight, and look for correlation
mod6: http://p.bvulpes.com/pastes/IKJAK/?raw=true << ok with feeding it in with '<' it seems to do something here... had some trouble trying to read it directly said 'Could not read from RNG!'
mircea_popescu: The exact micro-chip carries a great impact if perhaps you will be a winner or perhaps a non-winner throughout texas holdem video. The method locations you within the fretting hand will be of value, even now, content material micro-chip commonly known as all of the RNG (Occasional Total Traffic generator) which gives the necessary steps for a professional to manipulate the exact cunning participate in and even botch the possi
asciilifeform: technically it wants ~three~ ttys, one for normal i/o, one for eggogs, one for rng
asciilifeform: mircea_popescu: the orig prototype rng
asciilifeform: the difference b/w http://btcbase.org/log/2018-01-26#1776941 and e.g. koch-rng remains apparent to anybody with half a brain
asciilifeform: or a defective rng. or hell knows just about every broken-but-running mechanism.
a111: Logged on 2018-01-19 02:22 mircea_popescu: asciilifeform no, he's evidently not useful. but he's not a logic gate, either. he's certainly not human. the fundamental identification/classification of "i will deliver result X through randomly chosen path each time" is... rng. at least to my mind.
asciilifeform: in the sense where my chair is rng.
mircea_popescu: you ~use it~ as a clock crystal. but what it is... well... it's actually a rng.
asciilifeform: i meant in the sense where e.g. the clock crystal on the fg, is not itself an rng. even tho it has jitter.
mircea_popescu: asciilifeform no, he's evidently not useful. but he's not a logic gate, either. he's certainly not human. the fundamental identification/classification of "i will deliver result X through randomly chosen path each time" is... rng. at least to my mind.
asciilifeform: not one that you'd want to use as an rng, at any rate.
asciilifeform: it ain't an rng if i can compress the output .
asciilifeform: if you like, rng with clearly visible spectral peak.
mircea_popescu: but any implemented oscillator is a... rng ?
mircea_popescu: so this definitionally makes him a meat rng then ?
mircea_popescu: when you say "not meat rng", how do you base this ?
asciilifeform: motl is not a meat rng tho. d00d suffers from a clearly identifiable fixation, 'the west' (tm)(r) where there is a 'capitalism' (tm)(r)
asciilifeform: incidentally the 'pull out rng 'a', then 'b', then 'both', then...' test is a low-tech preventer of 'enemy intercepts parcel and reflashes the cpld to shit marsaglia prng'.
mircea_popescu: alright, i will now proceed to "rng" your lines. starting with above : 21ec922676d4145fbcbc4e1d05436e31ffc45b0b6b30c38f3397840a2111282640ab321b906a9d911af757a3a6b550e8fc9aaffc9089a1ca881d980f60617c9b
asciilifeform: http://btcbase.org/log/2018-01-12#1769493 << very basic specificity-of-diddling lemma. i.e. if i put today's trilema through it, it isn't as if it knows in advance that it ain't an analogue-rng-board plugged in, and what to shit out in response to a trilema that ain't yet been written
mircea_popescu: rng is not a resonance magic pill, just a resonance de-debugable-izers.
mircea_popescu: asciilifeform definitionally, if your rng is any good, it will type out shakespeare every so often.
asciilifeform: mircea_popescu: almost definitionally, if yer rng is any good, it won't be pumping any resonance anywhere
asciilifeform: mircea_popescu: plugging prng in the place of the rng != deterministic algo in the civilized sense
asciilifeform: good rng in fact lubricates convergence in all kinds of sims
asciilifeform: in that case rng. in fact this is almost definition of what trng is for.
asciilifeform: 'what if running on toaster, with no rng'
asciilifeform: ( 'fixed' rng also.. )
asciilifeform: ^ boatload of funstuff concerning , e.g., rng testing methodology; rigorous approach to stego; novel attacks on symmetriccipherolade; various other interesting ( and quite compact ) items.
asciilifeform: mircea_popescu: actually frag is very capricious item, 'good rng' , 100+ yrs of credible reports of folx within 'guaranteed corpse' radius, surviving with minor injury
mircea_popescu: insanity === broken rng.
mircea_popescu: much simpler than that : if your rng is broken someone somewhere will exploit it.
asciilifeform: mircea_popescu: maybe at some point we auction prototype rng ( asciilifeform has a few , mircea_popescu also, and somebody else i think )
mircea_popescu: (nothing in crypto is useful, either, which severely limits the rng uptake apparently -- if your crypto dun work anyway what need is rng item or somesuch)
mircea_popescu: evidently nothing in crypto is useful without rng ; what's this to do with anything ?
asciilifeform: ( what's the use, incidentally, of a cramershouptron, without sane rng ? )
asciilifeform: and instead sat around uselessly , and wasted time making and selling rng in the meantime also, lol
asciilifeform: ( i for instance have some approximate notion of how many people have an actual rng. the number is not large. )
asciilifeform: ( for n00bz : ~one~ failure of rng leaks entire privkey, in dsa. )
asciilifeform: if server generates all keys, client dun need an rng at all.
asciilifeform: diana_coman: now let's split 1 byte into ~four~, A,B,C,D. we take same transform and do it to X and Y in turn. in total, we've used 4 bytes from rng device, to cut 1 byte into 4 otpfrags.
asciilifeform: diana_coman: lemme give specific example. start with splitting 1 byte. to split byte B into X and Y, you take byte R from rng, and compute B xor R = X. then Y = R . X xor Y = B .
asciilifeform: ( your encipherment speed is limited to 1/S of your rng's bit rate, where S is the splitness )
asciilifeform: to expand a K-bit (block and key, we'll assume, are each K-bit) voodoocipher to J bitness, xor split ( on rng ); having generated J / K independent keys; each incoming plaintext block of J bits, is cut into J / K blocks, and each enciphered with the corresponding key. decipher -- same.
asciilifeform for some reason unable to turn up the thread in the l0gz where we did the 'rng design is not a technical problem , but a political problem' thing
mircea_popescu: asciilifeform so what do i get from divide by 0 ? rng ?
apeloyee: http://btcbase.org/log/2017-11-14#1737571 << if k MSBs of N are 1s, then k MSBs of p and q both are 1s, ie it only leaks sometimes. the leak itself is small, but since slightly biased RNG wouldn't be acceptable, then why this is?
asciilifeform: afaik even the shoddiest 1980s hash algo, produce ~perfect 'white noise'. hence the popularity of faux-rng via hashwhitener etc.
asciilifeform: and is as balanced as your rng is honest
asciilifeform: dun need periodicity for rng diddle, necessarily
asciilifeform: generally there are cheaper ways to make use of 'key' to chump rng
mircea_popescu: "all you need to know is where the signature 1blocks come in the "rng", as they will be preserved by binary mult, can be seen in modulus."
mircea_popescu: kinda why faux rng calibration is done on 1blocks in the first place.
mircea_popescu: (on proper rng. on bs prng / kochgpg etc, they don't.)
asciilifeform: in an honest rng
diana_coman: http://btcbase.org/log/2017-11-14#1737414 <- confirmed; I do NOT use any nextprime or other "rng"-parts from gpg; current rsatron prototype simply grabs nbits from fg, flips the 2 top bits and 1 bottom bit as per previous discussion and then checks if result is prime; if prime then keep, otherwise discard and try again; no "add 2 until prime" or other such thing
asciilifeform: afaik the only remaining, and most obvious 'loss' is the one implicit in prime number theorem ( where , wat, ~10k possible rng outputs correspond to same prime output )
asciilifeform: ( she is using my sanitized gpg bignum. but i did not preserve koch's faux-rng atrocity ; so anything pertaining to entropy, is new )
mircea_popescu: the reason is that (in a translation of what koch-gpg does into sanity) you take 2045 bits of rng for each possible prime, stick 11 in front and 1 in the tail and THAT is your 2048 bit prime candidate.
a111: Logged on 2017-11-10 14:12 asciilifeform: when i sit to play a game, it feels like dereliction of duty, with, e.g., ffa yet undone, dulap not yet replaced, scintillator rng not complete, 9000 other processes
asciilifeform: when i sit to play a game, it feels like dereliction of duty, with, e.g., ffa yet undone, dulap not yet replaced, scintillator rng not complete, 9000 other processes
asciilifeform: and since i built the rng, i can also be quite certain that there is not such a prime that it will forever avoid generating.
apeloyee: can't. I was sarcastic, because I don't see how CRT construction can amplify, assuming not obviously broken/backdoored RNG. why won't long-range correlations kill the "pick random prime" method as well?
apeloyee: perhaps running rabin-miller "amplifies small/temporary imperfections in the rng, into fatal"
asciilifeform: the use of constructed primes, potentially amplifies small/temporary imperfections in the rng, into fatal
asciilifeform: 1 problem is that perfect uniform distrib and perfectly independent rng bits, cannot be shown to exist physically.
asciilifeform: and i will NOT make a rng that doesn't work with msdos box
asciilifeform: i dun like having rng that is physically capable of putting out nonrandom.
asciilifeform: ( a shit rng that fools ent is much easier to build, even by accident, than same vs dieharder )
asciilifeform: really it is good for finding catastrophically broken rng, and no moar
shinohai: In other faulty rng's http://archive.is/Wm4e7
asciilifeform: no actual detail of rng diddle, shown.
a111: Logged on 2016-02-10 19:29 asciilifeform: (incidentally, the problem of an inner cipher introducing known-plaintextisms is solved routinely by splitting the payload into xor-able halves, using rng, and enciphering each ~half~ with different cipher, rather than box-in-box composition)
asciilifeform: unbiased -- in this case -- would mean that it eats ANY bitstring from rng, R, and maps it to UNIQUE prime , P
mircea_popescu: famously, maple misidentified the guy's number. not because of rng, either.
asciilifeform: mircea_popescu: chance of these without sabotaged rng is < chance of meteorite
asciilifeform: mircea_popescu: all that means is that one of the inputs comes from rng.
asciilifeform: because all you do is get NEXT N bits from rng, they have ( if rng is proper ) 0 relation to previous N
asciilifeform: rejecting rng result that doesn't pass the gcd sieve -- leaks nothing