asciilifeform: mircea_popescu: maybe at some point we auction prototype rng ( asciilifeform has a few , mircea_popescu also, and somebody else i think )
mircea_popescu: (nothing in crypto is useful, either, which severely limits the rng uptake apparently -- if your crypto dun work anyway what need is rng item or somesuch)
mircea_popescu: evidently nothing in crypto is useful without rng ; what's this to do with anything ?
asciilifeform: ( what's the use, incidentally, of a cramershouptron, without sane rng ? )
asciilifeform: and instead sat around uselessly , and wasted time making and selling rng in the meantime also, lol
asciilifeform: ( i for instance have some approximate notion of how many people have an actual rng. the number is not large. )
asciilifeform: ( for n00bz : ~one~ failure of rng leaks entire privkey, in dsa. )
asciilifeform: if server generates all keys, client dun need an rng at all.
asciilifeform: diana_coman: now let's split 1 byte into ~four~, A,B,C,D. we take same transform and do it to X and Y in turn. in total, we've used 4 bytes from rng device, to cut 1 byte into 4 otpfrags.
asciilifeform: diana_coman: lemme give specific example. start with splitting 1 byte. to split byte B into X and Y, you take byte R from rng, and compute B xor R = X. then Y = R. X xor Y = B.
asciilifeform: ( your encipherment speed is limited to 1/S of your rng's bit rate, where S is the splitness )
asciilifeform: to expand a K-bit (block and key, we'll assume, are each K-bit) voodoocipher to J bitness, xor split ( on rng ); having generated J / K independent keys; each incoming plaintext block of J bits, is cut into J / K blocks, and each enciphered with the corresponding key. decipher -- same.
asciilifeform for some reason unable to turn up the thread in the l0gz where we did the 'rng design is not a technical problem , but a political problem' thing
mircea_popescu: asciilifeform so what do i get from divide by 0 ? rng ?
apeloyee: http://btcbase.org/log/2017-11-14#1737571 << if k MSBs of N are 1s, then k MSBs of p and q both are 1s, i.e. it only leaks sometimes. the leak itself is small, but since slightly biased RNG wouldn't be acceptable, then why is this?
asciilifeform: afaik even the shoddiest 1980s hash algo, produce ~perfect 'white noise'. hence the popularity of faux-rng via hashwhitener etc.
asciilifeform: and is as balanced as your rng is honest
asciilifeform: dun need periodicity for rng diddle, necessarily
asciilifeform: generally there are cheaper ways to make use of 'key' to chump rng
mircea_popescu: "all you need to know is where the signature 1blocks come in the "rng", as they will be preserved by binary mult, can be seen in modulus."
mircea_popescu: kinda why faux rng calibration is done on 1blocks in the first place.
mircea_popescu: (on proper rng. on bs prng / kochgpg etc, they don't.)
asciilifeform: in an honest rng
diana_coman: http://btcbase.org/log/2017-11-14#1737414 <- confirmed; I do NOT use any nextprime or other "rng"-parts from gpg; current rsatron prototype simply grabs nbits from fg, flips the 2 top bits and 1 bottom bit as per previous discussion and then checks if result is prime; if prime then keep, otherwise discard and try again; no "add 2 until prime" or other such thing
asciilifeform: afaik the only remaining, and most obvious 'loss' is the one implicit in prime number theorem ( where , wat, ~10k possible rng outputs correspond to same prime output )
asciilifeform: ( she is using my sanitized gpg bignum. but i did not preserve koch's faux-rng atrocity ; so anything pertaining to entropy, is new )
mircea_popescu: the reason is that (in a translation of what koch-gpg does into sanity) you take 2045 bits of rng for each possible prime, stick 11 in front and 1 in the tail and THAT is your 2048 bit prime candidate.
a111: Logged on 2017-11-10 14:12 asciilifeform: when i sit to play a game, it feels like dereliction of duty, with, e.g., ffa yet undone, dulap not yet replaced, scintillator rng not complete, 9000 other processes
asciilifeform: and since i built the rng, i can also be quite certain that there is not such a prime that it will forever avoid generating.
apeloyee: can't. I was sarcastic, because I don't see how CRT construction can amplify, assuming not obviously broken/backdoored RNG. why won't long-range correlations kill the "pick random prime" method as well?
apeloyee: perhaps running rabin-miller "amplifies small/temporary imperfections in the rng, into fatal"
asciilifeform: the use of constructed primes, potentially amplifies small/temporary imperfections in the rng, into fatal
asciilifeform: 1 problem is that perfect uniform distrib and perfectly independent rng bits, cannot be shown to exist physically.
asciilifeform: and i will NOT make a rng that doesn't work with msdos box
asciilifeform: i dun like having rng that is physically capable of putting out nonrandom.
asciilifeform: ( a shit rng that fools ent is much easier to build, even by accident, than same vs dieharder )
asciilifeform: really it is good for finding catastrophically broken rng, and no moar
shinohai: In other faulty rng's http://archive.is/Wm4e7
asciilifeform: no actual detail of rng diddle, shown.
a111: Logged on 2016-02-10 19:29 asciilifeform: (incidentally, the problem of an inner cipher introducing known-plaintextisms is solved routinely by splitting the payload into xor-able halves, using rng, and enciphering each ~half~ with different cipher, rather than box-in-box composition)
asciilifeform: unbiased -- in this case -- would mean that it eats ANY bitstring from rng, R, and maps it to UNIQUE prime , P
mircea_popescu: famously, maple misidentified the guy's number. not because of rng, either.
asciilifeform: mircea_popescu: chance of these without sabotaged rng is < chance of meteorite
asciilifeform: mircea_popescu: all that means is that one of the inputs comes from rng.
asciilifeform: because all you do is get NEXT N bits from rng, they have ( if rng is proper ) 0 relation to previous N
asciilifeform: rejecting rng result that doesn't pass the gcd sieve -- leaks nothing
mircea_popescu: leaking rng quality is more of a concern for debian/prngs.
asciilifeform: apeloyee: no contradiction. the variability of time is in the ~test~, not the output result , which naturally will vary depending on what rng gave you
mircea_popescu: incidentally, if looking for 4096 bit prime wouldn't the correct approach be to take 4094 bits of rng and glue 1 on either end ?
a111: Logged on 2017-08-14 16:14 asciilifeform: ( tldr : superiority of the FUCKGOATS-enabled approach, of get-new-N-bits-from-rng-then-primalitytest-until-done, vs the kochian get-N-bits-then-increment-until-passes-millerrabin )
asciilifeform: phun phakt, this calculation is taken from the gpg autopsies last summer, when asciilifeform was chasing imaginary rng boojum after somebody found a real one
asciilifeform: i actually considered own variant of this for 'chemical rng' , but realized that it is screamingly impractical
asciilifeform: you will notice that koch's rng atrocity ain't in there.
a111: 21 results for "gpg rng", http://btcbase.org/log-search?q=gpg%20rng
asciilifeform: !#s gpg rng
cruciform: asciilifeform: I want auditable RNG, and rolling dice is putting me on tilt
asciilifeform: cruciform: if you 'just want' 'an rng, dun matter what kind' -- the cost is 0, your cpu maker already supplied you with a liquishit rng
mod6: asciilifeform: so far, i've only gone to the extent of unplugging both RNG-TWs and ensuring that the SAD lamp does what it should.
asciilifeform: FG-II rng will prolly have 4 pins, 1 for shifter pulse, to make yoking ultra-easy at ~0 cost.
asciilifeform: i'm partial to well-made electric rng
asciilifeform: it is my policy not to ask FG buyers any questions, i have nfi why bought, whether to use as rng or fishing lure, and don't really care
asciilifeform: i would ask 'what's to keep some unrelated d00d from making walletrons that simply talk over rs232..' but then remembered that it is probably same thing that keeps'em from making rng where ditto despite how OMFG WE PUBLISHED DESIGN
asciilifeform: i ran into it when trying to replicate the classical 'dead rng' debian setup
mircea_popescu: and besides there's already a rng.
mircea_popescu: asciilifeform consider something like : 1. split item to sign into 512 byte blocks. create block 0 from rng. sign hash(block 0), hash(block 1 + hash(block 0)), hash(block 2 + hash(block 1 + hash(block 0))), and so following.
asciilifeform: lol debian rng
a111: Logged on 2017-09-01 22:15 asciilifeform: 'We submitted extensive information about our random number generator (RNG) to an independent organization. We asked this trusted resource to perform an in-depth analysis of the randomness of the output of the RNG, and its implementation in the shuffling of the cards on our platform.'
asciilifeform: Barbarossa_: there are commercial rng that use interferometer, yes ( NONE of them auditable by owner, in fact many epoxied and otherwise artificially painful to examine )
asciilifeform: Barbarossa_: where can i find out re pokerstars rng ?
asciilifeform: Barbarossa_: see also http://qntra.net/2016/08/rng-whitening-bug-weakened-all-versions-of-gpg
asciilifeform: i experimented with many types of rng.
asciilifeform: analogue effects in practice suck for proper rng
asciilifeform: i expect a pokerist would have something to say re rng, aha
asciilifeform: plenty of green field left also. e.g. the freebsd-had-no-rng-for-two-years thing
mircea_popescu: funny you should mention that, there's also a discussion re rng and power in teh logs.
asciilifeform: !~google mercury switch rng
asciilifeform: and - while we're on subj -- the naive replacement, a ball-in-pipe tilt switch, is NOT suitable for rng -- contact bounce is patterned; and oxidized contacts -- semiconduct.
mircea_popescu: kv-1 rng
asciilifeform: in other quasi-noose, here's a simple electric rng suitable for very low bit-rate application ( e.g. walletrons for sig nonce ) : small mercury tilt switch, gates clock signal to counter, and a flipflop. when the latter toggles, the counter value is forwarded to a register; every 2 shots end up vonneumanned and xor'd into the output reg.
mircea_popescu: that's his point, if you have the rng it's much better quality secret primes for the same effort.
shinohai: yup. also same one with the single-integer rng bug.
asciilifeform: 'rng bits are expensive' spawned quite a few idiocies , by itself
mircea_popescu: the rng consumption will be significant though.
a111: Logged on 2017-02-14 19:19 asciilifeform: specifically, for every byte you intend to send, you instead send two: x, y. which you generate by obtaining rng byte r, and payload byte b, and x := b xor r, y := r
a111: Logged on 2016-12-24 01:11 asciilifeform: so one ~horrid~ padding algo would be to get a bitstring from my rng, xor the message to it, then send a message of 2x length of original consisting of: [the bitstring from rng][the result of the xor]
asciilifeform: well they still play cards, that get shuffled, just like 500 yrs ago. unless i misunderstood the rng remark.
asciilifeform: so can't be the rng
a111: Logged on 2017-07-22 17:57 mircea_popescu: asciilifeform reason why extinct is that no longer need deck for rng. which is ~all that was.
a111: Logged on 2017-07-20 22:05 asciilifeform: not if you own an rng.
mircea_popescu: "has no internet connection, and no rng. can still use ?"
asciilifeform: bot node, generally, has nothing like an actual rng.
mircea_popescu: did you read the "whores moaning in orgasmic agony source of rng" thread ?
asciilifeform: ( that, or lovingly crafted bot with delay rng )