Results 1 ... 24 found in all logged channels for 'rng enemy'
(pest) asciilifeform: ( given that transmitted chunks are reorderable, potentially, using an actual trng -- 'enemy may infer order' failure mode can be ruled out )
(asciilifeform) asciilifeform: raw_avocado: moar log pointers, if you're genuinely interested in subj.
(asciilifeform) snsabot: (trilema) 2015-08-21 asciilifeform: otp has precisely three weaknesses even in principle: generation of key (solved by civilized rng); reuse of key (solved by erasing each bit immediately after it is used in a xor); capture of key by enemy (in common with any other cipher! and solved with grenade pin)
(trilema) asciilifeform: ( like all other possible rng tests, presupposes that the device is in fact an rng, rather than e.g. tape playing back an old rng run while enemy dies of laughter )
(trilema) asciilifeform: the method where you exchange cards, has 2 wins: it is not enuff for enemy to get copy of simply 1 card, must get one of each ; and rng failure on 1 side doesn't sink you, you get combined reliability of the 2 rng's ( perhaps yours is of 1 type, and other fella's -- another )
(trilema) asciilifeform: since the debian incident, enemy stepped up the 'NOBUS' crapola; no moar '32768 possible keys, total', instead things moar in the spirit of http://qntra.net/2016/08/rng-whitening-bug-weakened-all-versions-of-gpg
(trilema) asciilifeform: incidentally the 'pull out rng 'a', then 'b', then 'both', then...' test is a low-tech preventer of 'enemy intercepts parcel and reflashes the cpld to shit marsaglia prng'.
(trilema) asciilifeform: ( tangentially, asciilifeform disrecommends the use of even numbers of XORed rngs in any system. incl. FGs. if enemy can somehow contrive to tie the wires together, you will end up with 0,0,0.... )
(trilema) asciilifeform: phf: not only schematic above dun explode, but ideally it would not even zero key, but rngize, so enemy has nfi whether trap sprung or not
(trilema) asciilifeform: massive pile of moving parts, aes, various post-conversion bernsteinisms, null ciphers, 'this is faster on 32-bit cpu so we're using it', let's-give-enemy-raw-bytes-from-prng, and other jokes.
(trilema) Framedragger: also, ip packets with custom proto number would (1) stand out more easily to enemy, and could be more easily filtered out (vs. udp header with rng-data within) - see how chinese firewall blocked tor bridges etc etc; and (2) i'm sure quite a few appliances would filter them out by default (like how they filter out icmp, etc.)
(trilema) asciilifeform: and not only in the sense of 'having 1 rng on the physical iron is braindamaged' but doing the mixing in a centralized place, known in advance to the enemy, is likewise idiotic
(trilema) asciilifeform: (consider one especially disastrous meltdown: in the merkle tree variant of lamport's signature scheme, you are hashing over RNG output. so if ANY collision whatsoever can be found, the enemy can forge signatures at will.)
(trilema) asciilifeform: 'some sort of noise' is very low bar, actual battlefield rng needs a number of other properties (chiefly, difficulty for the enemy in influencing or predicting the output)
(trilema) asciilifeform: enemy can only learn something from a worn rng if the owner himself had no way to meaningfully measure wear.
(trilema) asciilifeform: other interesting question, imho, re any rng, is - how much does enemy learn if he captures it
(trilema) ascii_field: and the conversation, from first packet onwards, must be indistinguishable from rng garbage to the enemy.
(trilema) assbot: Logged on 25-11-2013 03:41:29; asciilifeform: the essential, non-negotiable property of an rng suitable for crypto is that its output must not be readily available to the enemy.
(trilema) asciilifeform: otp has precisely three weaknesses even in principle: generation of key (solved by civilized rng); reuse of key (solved by erasing each bit immediately after it is used in a xor); capture of key by enemy (in common with any other cipher! and solved with grenade pin)
(trilema) ascii_field: thing is, rng needs attributes ~other~ than 'shits entropy'. namely, not to be correlated with variables manipulable or monitorable by enemy
(trilema) ascii_field: Apocalyptic: the precaution taught in school is that 'prng is bad because enemy might learn the seed.' which is a 'lie of omission' - given the existence of a relation between bit N and bit N+1, enemy may have the means to infer N+1 (and N-1) from N
(trilema) asciilifeform: incidentally, i will use this occasion to point out that prng is not deadly because enemy can somehow get the exact bits again
(trilema) asciilifeform: the essential, non-negotiable property of an rng suitable for crypto is that its output must not be readily available to the enemy.