a111: Logged on 2019-01-22 06:57 BingoBoingo: <asciilifeform> BingoBoingo: how does it cache the e.g. tB of rng i happen to generate in racked box in jp and dload via ssh ? << I will say that this does suggest .jp's a candidate for Pizarro rack 2 when that time comes
BingoBoingo: <asciilifeform> BingoBoingo: how does it cache the e.g. tB of rng i happen to generate in racked box in jp and dload via ssh ? << I will say that this does suggest .jp's a candidate for Pizarro rack 2 when that time comes
asciilifeform: BingoBoingo: how does it cache the e.g. tB of rng i happen to generate in racked box in jp and dload via ssh ?
asciilifeform: prolly cuz the rng picked that one letter to drop this time around
asciilifeform: re nn in general -- i vaguely suspect that a quality rng might actually cure the http://btcbase.org/log/2017-07-20#1687624 problem. but again i dun have any pigs, so haven't had occasion to try.
asciilifeform: i'll add , for completeness of thread, that if yer ~sending~, rather than receiving, rsa packets, your bottleneck will be ~rng~ long before it could ever be the arithmetron per se
mircea_popescu: how the fuck would this even work, indulge me. arm processor just invents rng opcode ?
asciilifeform: ( and no it aint in 'ent' or 'diehard' or in afaik any pc rng tester, it moar or less demands fpga )
a111: Logged on 2019-01-15 22:10 mircea_popescu: (ie, you can construct an infinity of rng strings which'll make a given sct "falsely" converge)
asciilifeform: http://btcbase.org/log/2019-01-15#1887347 << not only this, but to date no rng has actually sufficed (i.e. sufficiently independent bits) to make the thing go in reasonable time
mircea_popescu: (ie, you can construct an infinity of rng strings which'll make a given sct "falsely" converge)
asciilifeform: 1 of the reasons i put this in the l0gz is that when i went to dig, turned up that erry attempt to date to do sumthing nontrivial with 'stochastic multiplier' broke teeth against rng quality.
asciilifeform: then to get integers back out, you run the process in reverse, via another comparator. it converges to the desired answer in finite ( depending on rng quality ) clock ticks.
asciilifeform: you represent the inputs ( any # of'em ) via stochasticizers, i.e. each 1 gets a comparator that eats N bits of rng and outputs a 1 if they represent integer <= the currently latched binary number, 0 otherwise.
asciilifeform: and meanwhile, in sunken atlantises : j. von neumann, the afaik last fella to really invent anyffin in re kompyooting, actually devised an interesting application for fast unbiased rng ( which did not exist in his time ). can use it to multiply large numbers with near-total noise immunity, using only an 'and' gate and two comparators.
asciilifeform: asciilifeform's recommended recipe for m-rism still remains 'feed actual rng for witnesses'
asciilifeform: incl. the rng ( this is why the thing takes an arbitrary unix path for rng dev )
asciilifeform: and indeed the quality of rng is 'jesus bolt' when running m-r in battlefield.
asciilifeform: which is why mine reads witness as param rather than directly from rng
asciilifeform: grr, moar complicated than i initially pictured, because m-r ~also~ demands rng
asciilifeform: of what ? that's the obv. version ( get from rng, until gcd shows that no small factors, and then m-r )
mircea_popescu: http://btcbase.org/log/2015-07-08#1193607 << this makes for a pretty lulzy re-read, in the context of the meanwhile better fleshed out notions of structure and trees and whatnot. isn't it obvious, asciilifeform , that the ~substantial difference~ is not at all the "head rng" but simply the extension and especially quality of the conceptual trees involved ? the "head v" so to speak ?
asciilifeform: it is, and x is a random string from rng
asciilifeform: imho e.g. diddled pgp rng, is moar interesting than firefucks buffer overrun, the latter is used 9000/d but for whom is used the former i have nfi, it hasn't publicly leaked.
mircea_popescu: kinda states differently ye olde "ciphers are not worth having when encryption's available". IF you have rng to piss out, might as well find some primes.
a111: Logged on 2017-02-14 19:19 asciilifeform: specifically, for every byte you intend to send, you instead send two: x, y. which you generate by obtaining rng byte r, and payload byte b, and x := b xor r, y := r
mircea_popescu: the more i think about this whole serpent business, the more it becomes evident that the ~only~ way to have a cipher (not encryption, ie, asym keys, but enciphering, ie, symmetric keys) stronger than serpent is to ~mix rng bits~. ie, the weakest cipher is the one where len(E) = len(P), and they're all equally weak, and 1 serpent worth. to go stronger, you must have something that has len(E) = a len(P) + b sorta thing. the key
asciilifeform: i dunno that i've ever thrown anything but rng into 'your age' 'location' etc. crapola survey
asciilifeform: if only merely 'spun in desert'. these are the folx who gave us 'i lost mah keyz' zimmermann, who then pupated into 'rng, what rng' koch, et al
mircea_popescu: rng barf.
asciilifeform: mircea_popescu: yea but is there a coherent picture in the psychosis or only rng barf.
asciilifeform: but moar or less rng
asciilifeform: ( i recommend to read the sores , you will learn how asciilifeform approached the whole rng biz )
asciilifeform: danielpbarron: yer on a computer, errything is at least slightly buffered. problem with 'here's a year worth of rng' is 1) somebody gets to it 2) what when you run through ?
danielpbarron: pretty sure it was RNG + player seeds, publish after hand/game
asciilifeform: danielpbarron: seems like in that case you dun need any rng at all
asciilifeform: if you stored rng, and somebody gets a peek...
asciilifeform: danielpbarron: we have a thread re the problem of storing rng.
asciilifeform: rly, danielpbarron , you'd make a poker without rng ?
asciilifeform: or that FUCKGOATS rng is built to speak rs232 at 115200 baud and always will be
a111: 14 results for "debian rng", http://btcbase.org/log-search?q=debian%20rng
asciilifeform: !#s debian rng
asciilifeform: rather than rng hiss
a111: Logged on 2018-11-01 17:44 asciilifeform: i had to algebraize the thing , and have just the right rng bits flip in head , to get the 'ceiling tiles' ( why didn't mircea_popescu get'em in '15 ? )
asciilifeform: why not whole thing from rng.
asciilifeform: BingoBoingo: evidently the paper can be whatever they like, if rng-generated names are apparently ok nao
asciilifeform: the fixed structure elements in oaep bother asciilifeform . ( initially was gonna do destructurization differently : each bit of payload turned into 4 via rng xor, then fisher-yates shuffle, then the 'deshuffling' binarysort code is appended to message. you can prove that the output is 'all or nuffin' transform. )
bvt: just tested ffa-8 where rng was introduced -- it works fine. would be trying to understand what is wrong with my code, then
bvt: i used gnat 2017. will test ffa rng code and see if it works out.
asciilifeform: bvt: which gnat are you using ? i've never observed any such thing ( and i use the same restriction, http://btcbase.org/patches/ffa_ch11_tuning_and_api/tree/ffa/libffa/restrict.adc#L76 , ~with~ sequential i/o, http://btcbase.org/patches/ffa_ch11_tuning_and_api/tree/ffa/ffacalc/ffa_rng.adb#L49 )
asciilifeform: the other point, is that i dun see why even have key-inflaters. use rng for the fucking key, all of it
asciilifeform: i had to algebraize the thing , and have just the right rng bits flip in head , to get the 'ceiling tiles' ( why didn't mircea_popescu get'em in '15 ? )
asciilifeform: diana_coman: rng.adb / Get_Octets -- you'll prolly want a timeout there
asciilifeform: i.e., ic that when paired with another of its kind, and rng, saves internally the pad; but won't simply disgorge it unless in a synchronous link with the item it was synced with, as described in the algo.
mircea_popescu: asciilifeform consider also that if a, b, c, d, e, f are rng words, then ((P xor a) xor b) etc does not in fact subtract anything.
asciilifeform: ( not even speaking of fact that this aint a function of the inputs, in the civilized sense, it is a function of input and rng )
asciilifeform: let's try this. so i throw in {1,2,3,4,5} and the rng cranks and i get a {1,2,3,5,5}, then i put it back and rng cranks again and i get a {1,2,3,4,4}, with nonzero probability. so i reversed ??
asciilifeform: and yes it means that rng bitrate will constrain write speed. but it aint as if this is not solvable problem.
asciilifeform: mircea_popescu: somewhat related observation: designers of blockciphers are fixated on 'what if known plaintext block', but it is not clear to me why this has to be a living problem when you can fill up 1/4 or 1/2 or whatever of block with rng
asciilifeform: along with , ideally, some rng crud
asciilifeform: key lives in sram, which gets waltzed with rng whenever unkeyed and power is available.
asciilifeform: ( specifically: need to carry pads often (not any moar, carry 1TB disk etc ) ; reuse of pad ( nomoar, burn each block after use ) ; shit rng (nomoar, we have decent rng ) )
asciilifeform: the scheme of course lives and dies by the rng; but this is common to any form of crypto whatsoever.
asciilifeform: this kinda thing is 1 obvious application for a quality rng ( dun even have to be blazing fast rng, an ordinary FG handily fills a 1G card in ~week or so )
asciilifeform: the method where you exchange cards, has 2 wins: it is not enuff for enemy to get copy of simply 1 card, must get one of each ; and rng failure on 1 side doesn't sink you, you get combined reliability of the 2 rng's ( perhaps yours is of 1 type, and other fella's -- another )
asciilifeform: diana_coman: the 1 crackpottery i've considered adding to FG-2, is an 'authenticated' mode, where userland proggy gets ability to verify that rng bits actually came from a particular FG. the way to do it would be to have a keccak salt, printed on the board, and have the thing send , instead of naked bytes, packets, of b0,b1,...bN bytes, followed by keccak(salt, b0,b1,...bn) . could be enabled by jumper setting, conceivably.
asciilifeform: if x86 pc were a product of sane folx, it'd have rng sockets on mobo...
asciilifeform: chinese examtaker , or the '2030' people mircea_popescu linked, resemble 'fast comp but without rng'
asciilifeform: you wouldn't have to change anyffing else in about it, can pad the unused 2 bytes with rng.
asciilifeform: mircea_popescu: i find myself wondering how many physics folx sit and bite their lips, 'monte carlo dun work so good...', cuz they bought $50k swiss 'quantum rng' that whitens with sha.
asciilifeform: ( my sim -- converged!11 -- when i fed it... don lancaster's geiger rng tarball. )
asciilifeform: if pc had been designed by sane folx, it'd have rng that worx at bus speed, and nobody could have even conceived of this nonsense.
asciilifeform: mircea_popescu: recall also how the thing came to be ( was idjit hack, around the fact that 'sshd wants entropy at boot time, before rng init' or somesuch )
asciilifeform: but if i'm overwriting a 8TB disk prior to taking it to crematorium, i'd rather urandom, i dun presently have a 200M/sec rng
a111: Logged on 2018-10-11 19:59 phf: but it also seems that before that becomes reality we either have to patch linux kernel or implement a rng daemon or somesuch
a111: Logged on 2018-10-11 19:34 asciilifeform: phf, bvt : i thought of a possible algo for sane tmp file creation that dun need rng or global counter. 1) pick a file name in tmp dir, if none exists, take empty string, as string S 2) produce S' = H(S) , H is hash (e.g. keccak) 3) stat(S') ; if already exists, take S'' = H(S') and repeat .
phf: but it also seems that before that becomes reality we either have to patch linux kernel or implement a rng daemon or somesuch
phf: asciilifeform: i believe that was the real conclusion of yesterday's conversation: you want easy access to a real rng from any republican process at any time, and that makes a lot of idiotic problems go away
asciilifeform: if you have a working rng, all you gotta do is take 256 bits from it, and no need to stat() or anyffing; the chance of collision is coupla orders of magnitude smaller than asteroid flattening the machine
asciilifeform: phf, bvt : i thought of a possible algo for sane tmp file creation that dun need rng or global counter. 1) pick a file name in tmp dir, if none exists, take empty string, as string S 2) produce S' = H(S) , H is hash (e.g. keccak) 3) stat(S') ; if already exists, take S'' = H(S') and repeat .
bvt: Apparently those addresses are used as 'poor man's RNG'
asciilifeform: ( if rng is sad, absolutely anyffing can happen, and imho this oughta be understood by errybody )
asciilifeform: rng is 'jesus bolt'
a111: Logged on 2018-09-18 14:26 asciilifeform: mircea_popescu: i wrote the item originally for gossipd experimentations. udp gives a max practical packet length ( what it is , remains to be determined ) and if given proggy's protocol needs variably-sized ones, you can pad with rng.
asciilifeform: mircea_popescu: i wrote the item originally for gossipd experimentations. udp gives a max practical packet length ( what it is , remains to be determined ) and if given proggy's protocol needs variably-sized ones, you can pad with rng.
asciilifeform: ( anybody lacking the secretsalt and currentkey, sees simply 512byte of rng )
shinohai: I was about to say, can take pick of whitened rng's online nau
asciilifeform: ( erry heathen rng i know of , includes... )
asciilifeform: mircea_popescu: there is sometimes 1 or even 2 rs232 ports , but they go at -12v/+12v , and needs level shifter, which in turn oscillates, and potentially pollutes rng
asciilifeform: ( tho perhaps, a FG with only 1 rng plugged in, could be a 'fuckgoat' )
asciilifeform: ave1: simulator won't give you much useful to work with re analogue rng, considering that it relies on amplification of physical (johnson) noise
ave1: I was reading through the fg design (doing experiments with circuit simulators to see how the RNG might work etc). I'll just continue with the next step.
asciilifeform: conceivably rng is separable, can simply be rs232 jack in which e.g. FG goes.
mircea_popescu: am i going to have rng ? how small can it then be ? if not small, and rng, why is it not using a proper terminal ?
mircea_popescu: am i going to have no rng in this wallet ? how make change address then ?
asciilifeform: ( why? because asciilifeform doesn't like to crypto in any form, even as toy, on boxes without rng, and some of his trb dev machines at the time had none )
asciilifeform: esthlos: the one piece of iron which was catastrophically absent was rng, and this was fixed
a111: Logged on 2018-06-15 13:10 diana_coman: phf, please add the last 2 patches of eucrypt: http://www.dianacoman.com/2018/05/03/eucrypt-chapter-13-smg-rng/ and http://www.dianacoman.com/2018/06/15/eucrypt-manifest-file/
diana_coman: phf, please add the last 2 patches of eucrypt: http://www.dianacoman.com/2018/05/03/eucrypt-chapter-13-smg-rng/ and http://www.dianacoman.com/2018/06/15/eucrypt-manifest-file/
asciilifeform: likewise, with a popped unit it will be possible to take multi-GB samples of the onboard rng, and examine this.