Results 1 ... 250 found in asciilifeform for 'rng'

dulapbot: Logged on 2024-04-12 11:26:58 asciilifeform: lol re folx who did not even contemplate purchase of the original fg, suggesting rng costing ~10x moar
dulapbot: Logged on 2021-06-30 10:14:01 asciilifeform: puman: towards the end of the #t age, asciilifeform even devised rng which could, unlike FG, reliably fill a coupla GB pad in coupla min.
asciilifeform: it'd make a modicum of sense, hypothetically, for a much faster rng (tho even there -- usb2 oughta suffice)
asciilifeform lol re folx who did not even contemplate purchase of the original fg, suggesting rng costing ~10x moar
dulapbot: Logged on 2020-08-20 19:13:00 asciilifeform: Aerthean: near as i can tell, most computer users who even are aware of concept of rng, are satisfied with 'homeopathic' ones.
dulapbot: Logged on 2020-08-20 19:00:15 asciilifeform: it is also the case that rng as commercial product is a very questionable biz proposition. it takes quite a bit of 'adulthood' to even get to a place where you actually benefit from a 1000 $ rng. for instance, microshit victims dun really win anyffin from using whatever external rng.
dulapbot: (pest) 2024-03-20 asciilifeform: leaving, for the moment, mp along in his watery grave -- jfw et al are sumthing else strange. these folx had.. 5y! could've e.g. written 100% wurking trblike in ada or cl; baked the lyso rng or whatever irons; or even sumthing entirely new&unseen. but instead wat.
asciilifeform: http://logs.nosuchlabs.com/log/asciilifeform/2022-09-13#1113694 << ftr 2 key aspects of the design were : 1) FG doesn't receive commands from the connected comp at all, has only 3 wires (-, +, output) 2) the connected machine / os has nfi it's an rng, is simply a serial tty, only the operators knows that it is intended as rng
asciilifeform: a reasonable rng is 'part of balanced diet'
asciilifeform: FG doesn't save you from cpu boobytrap tho, it is only a rng
asciilifeform: a working rng will produce given string of 16 bytes a 2nd time some time after being hit by over9000 meteorites and sun burns out twice
asciilifeform: gregorynyssa: '16 bytes of garbage, exclusively for use as cipher nonce; obtained from a hardware TRNG where possible. This value is not used for any purpose following decryption.'
asciilifeform brought along in briefcase coupla rng protos & a scope, did a kind of walkthrough for n00bs re theory of operation
dulapbot: Logged on 2021-01-04 18:14:23 asciilifeform: it's a lemon market, the homeopaths will always control the chump-change segment, while the crypto-ag types will control the golden-toilet segment. while actual rng that actually non-whiteningly worx, 'doesn't exist, never existed, what kinda terrorist are you to ask'
verisimilitude: Oh, that's not an exaggeration; they do use an RNG of sorts?
asciilifeform: verisimilitude: prng
verisimilitude: How could GCC be non-deterministic; does it call an RNG or use loosely-initialized values?
thimbronion: was wondering about that
billymg: he didn't get the updoots he was looking for here for his geiger rng so he switched to talking shit about trb instead
asciilifeform: ( for extra lulz, if anyone recalls, asciilifeform invented a machine which carries out 'plan for wealth' w/out leaving house -- connect rng to perl script bruteforce of shitoshi's privkeys, and pistol if wrong answer, aimed at yer head. has similar chance of 'working', but mp did not like, not 'manly' flavoured )
asciilifeform: lamer needs a trng like dog needs beets. afaik of the 200 sold, maybe handful ever plugged in.
asciilifeform: ( folx who read the schems know that the rng daughterboards in fact contain only the analogue part. 2x ea. )
asciilifeform: 'For better auditability, the RNG boards should have been simpler, with only the analog part of the RNG...' etc
asciilifeform: verisimilitude: you & yer station will be flattened by several asteroids , likely, long before you get accidentally valid packet outta rng
asciilifeform: 100% randomly ? i.e. 'xerxes' and 'delilah' come outta rng errytime ?
asciilifeform: i'ma guess this resulted in spam where sequential nonce or rng appended ?
asciilifeform: ... or the '90s pastime where feed rng into the decompressor & get 'shannonized' shakspear
asciilifeform: otherwise either will sit for rather long time to fill it, or exercise in prng delusion
asciilifeform: phf: easy if you've a fast trng
signpost: seems like yes, if you are able to produce the nth prng output. depends on that.
zx2c4: Good old debianrng
asciilifeform: 'worx great' 'nobody complains' just like nobody complained about the debianized rng until yrs after the fact..
zx2c4: asciilifeform: Yea... I think most people generally figure their OS rng is "good enough" -- that interrupts and disk seek times and mouse movements and whatever else combine together to do something passable
asciilifeform: who wants to build auditable+unwhitened rng, can do so, all schematics, srcs, posted, in '16.
asciilifeform: zx2c4: fwiw long ago asciilifeform solved rng problem on pc inexpensively; 0 surprises for guessing how much money from it, etc
zx2c4: for the last few months ive been fixing the linux kernel rng, and obviously nobody with money cares about that
dulapbot: Logged on 2021-12-30 23:35:54 asciilifeform: d4: djb incidentally 'turned' (from '16 or so, openly advocates e.g. the use of prng in place of trng), and asciilifeform has 0 remaining respect for him.
shinohai: Is this the same zx2c4 that lurks here? https://www.zx2c4.com/projects/linux-rng-5.17-5.18/
whaack: they give you the mRNG
dulapbot: Logged on 2020-12-16 22:10:16 asciilifeform: as for the coin, the correct algo to 'hodl' is exactly same today as was in '09. i.e. your hdd has what's indistinguishable from rng output. and as for the key, maybe you once had it, but now lost in boating accident. and forgot where boated. (and if you can't stick to the story, will have to carry cyanide.)
asciilifeform: 1 hypothetically interesting application may be 'mining' the mswin rng in conjunction w/ prb privkey gen.
dulapbot: Logged on 2022-01-27 09:56:10 whaack: http://logs.bitdash.io/asciilifeform/2022-01-27#1076798 << have you found that this is necessary in the field? it does not rng, haven't had any problems yet
bitbot: Logged on 2022-01-27 01:35:38 asciilifeform: whaack: btw your arithmetic-puzzler doesn't seem to rng
whaack: http://logs.bitdash.io/asciilifeform/2022-01-27#1076798 << have you found that this is necessary in the field? it does not rng, haven't had any problems yet
asciilifeform: whaack: btw your arithmetic-puzzler doesn't seem to rng
dulapbot: Logged on 2021-09-13 15:10:22 asciilifeform: either that, or -- from asciilifeform's chalkboard -- erry message includes 2 additional 256bit fields . one is H256(R) where R is a rng turd. the other is the R from previous.
whaack: asciilifeform: from my investigation the brachial plexus gives genetic RNG on how the nerves are setup, so very possible you are lucky / mats and i are unlucky
asciilifeform: d4: djb incidentally 'turned' (from '16 or so, openly advocates e.g. the use of prng in place of trng), and asciilifeform has 0 remaining respect for him.
asciilifeform: ^ these hand-baked blue rngs actually became part of the 1st batch of fg, folx who buy from dpb have some chance of getting'em
asciilifeform: jonsykkel: well to be pedantic, is simply a packet where command==0xff. but recommended to fill it up with rngolade, yes
jonsykkel: ignore paket is 428byte Message field full of rngolade?
punkman: "The idea for the LRNG design occurred during a study that I wrote for the German BSI" << german spook confirmed?
vex feels decidedly slovenly for not attempting to build alf's rng, particularly considering that I asked for extra notes more than once. Erry time, were promptly published.
asciilifeform: i.e. a tool which pisses trng bits at ~7kB/s outta serial line.
asciilifeform: and that's for a simple-as-hammer, comparatively, item, that was merely a rather slow rng !
asciilifeform: rng is not a trivial problem.
bonechewer: of course, and in particular otp walkie talkie needs no TRNG onboard. One operator with TRNG can pre-populate a bunch of pads onto microSD cards or such, for operator of OTPtron to insert
asciilifeform: this -- would be sane. for so long as you follow sane principles of rng as illustrated here -- separate grounds for analogue/digital/rng , shields, >1 indep. trng unit, etc
asciilifeform: i.e. if either A or B has a proper trng, the new key is 'of trng quality'.
asciilifeform: asciilifeform's proposed rekey algo, for reference : peer A takes 512bit sA from trng, sends sha512(sA) ('key offer') to peer B. the latter does same; sB; sends sha512(sB) to A. then A sends sA to B, who verifies that it hashes to the earlier hash; if yes, sends his 'key slice' similarly to A. new mutual key is sA ^ sB ^ the key they had the conversation with.
asciilifeform: billymg: pest box (esp. after we've 'rekey') defo would win from a working trng.
asciilifeform: funnilyx9000, afaik to this day there's no straight patch to make trb run off fg (or any other iron trng)
asciilifeform: verisimilitude: funnily enuff, speaking of 2014, it's what asciilifeform spent good % of it doing -- discovering how to make a reliable unwhitened rng.
asciilifeform: shinohai: phunphakt, dun even need the tin, for modest rngism needs can simply use a toggle switch in place of the analogue board
dulapbot: Logged on 2021-07-07 23:13:39 asciilifeform: is why, for instance, there are 'over 9000' whitening pseudo-trngs on the market today, but the only nonwhitening, shielded trng had print run of 200 , half of which was sold at the bankruptcy hammer
PeterL: if you use a prng to generate a stream of blocks, you could give each of your friends a different seed to the prng so that they do not overlap?
signpost: iirc he contemplates sending a whole table of edges to the other side, which doesn't seem at all necessary. other side just fires up the same prng with same params.
dulapbot: Logged on 2021-09-21 21:23:16 asciilifeform: jonsykkel: let's suppose that, for whatever reason, FZ_Random(RNG, Stack(SP)) does ~not~ overwrite Stack(SP) with rngolade. (why not? dunno, dr.evil put a nop there via telepathy. or 'smart' os. or whatever.) wouldntcha rather have easily spottable, with naked eye, result of 0 for the '?' call ? vs 'random-looking' but equally-predictable stack soup.
asciilifeform: jonsykkel: let's suppose that, for whatever reason, FZ_Random(RNG, Stack(SP)) does ~not~ overwrite Stack(SP) with rngolade. (why not? dunno, dr.evil put a nop there via telepathy. or 'smart' os. or whatever.) wouldntcha rather have easily spottable, with naked eye, result of 0 for the '?' call ? vs 'random-looking' but equally-predictable stack soup.
asciilifeform: either that, or -- from asciilifeform's chalkboard -- erry message includes 2 additional 256bit fields . one is H256(R) where R is a rng turd. the other is the R from previous.
asciilifeform: btw imho oughta permit >508, but with proviso that the excess bytes are rngola and uninterpreted.
asciilifeform: jonsykkel: you're probably thinking of this one
dulapbot: Logged on 2021-09-07 14:53:04 asciilifeform: so new key is properly entropic for so long as 1 side has a working rng.
asciilifeform: so new key is properly entropic for so long as 1 side has a working rng.
asciilifeform: proposed mechanism : 2 msg types for this, 'rekey-a' (payload 512bit of trng) and 'rekey-b' (ditto)
dulapbot: Logged on 2021-09-02 10:41:34 asciilifeform: http://logs.nosuchlabs.com/log/asciilifeform/2021-09-02#1055967 << geigers are by far not the worst way for makeshift rng (supposing you debias correctly and don't try to pretend that it's good for multi-kB/s somehow -- it aint, not even at chernobyl, on acct of tube deadtime)
dulapbot: Logged on 2021-09-04 19:14:50 raw_avocado: Yo guys i finally made a RNG
raw_avocado: Yo guys i finally made a RNG
asciilifeform: http://logs.nosuchlabs.com/log/asciilifeform/2021-09-03#1056231 << ftr asciilifeform strongly suspects that it may be moar profitable to 'mine' privkeys (not, obv., via brute force, but guided by known and yet-to-be-found shit-rng lulz) than to mine conventionally
asciilifeform: seekrit oughta simply be a 256b rng turd in base64
asciilifeform: shinohai: the linked page doesn't even mention wtf it was he did to go from geiger clicks to rng output
dulapbot: Logged on 2020-08-20 18:25:37 asciilifeform: ( and asciilifeform realizes that 100% of folx who traditionally care about fast pulse, use PMTs. but i rejected'em for same reason as rejected geigers -- they require HV, which requires oscillators; and they ~age~ detectably, which is unacceptable in rng )
asciilifeform: http://logs.nosuchlabs.com/log/asciilifeform/2021-09-02#1055967 << geigers are by far not the worst way for makeshift rng (supposing you debias correctly and don't try to pretend that it's good for multi-kB/s somehow -- it aint, not even at chernobyl, on acct of tube deadtime)
thestringpuller: well the RNG to generate teh keys
dulapbot: Logged on 2021-07-29 15:23:59 asciilifeform: but i've yet to see someone who is using camera as trng do this. (btw if you must do so, copper foil over the objective.)
asciilifeform: instead of rng.
asciilifeform: depending on what the victim is doing with his broken rng, different approach (e.g. if rsa or ecdsa -- solve lattice)
asciilifeform: whaack: in practice, bias in rng comes usually in discrete ('erry 5th bit is a 1') rather than continuous ('weighted coin') form
whaack: asciilifeform: ah, i may have been grouping the terms bias and sequential correlation together. If the only 'bias' is that bit 1 appears more frequently, then since all rng input can be transposed to a bitstream, attacking an rng with this type of bias could be done by prioritizing the search of all N bit streams with arrays starting with all 1s (most individually likely outcome) , then all 1s
asciilifeform: whaack: note that bias in the usual sense aint the only possible rng failure. there's also, e.g., sequential correlation.
whaack: asciilifeform: is there a way to attack a bias'd rng without knowing what the bias is?
dulapbot: (trilema) 2017-05-22 asciilifeform: and yes, this is still same old tests, nothing magically different about them, there will ~never~ be a mechanical test for 'good rng'
asciilifeform: raw_avocado: moar log pointers, if you're genuinely interested in subj.
raw_avocado: Well, the idea was not to use it as an RNG for the box, but use a picture to create a BIP39 seed.
asciilifeform: but i've yet to see someone who is using camera as trng do this. (btw if you must do so, copper foil over the objective.)
asciilifeform: raw_avocado: camera, in fact, is a fairly good source of entropy. but it gives great temptation to user, to pipe it directly through a hash, so to resemble a MB/s+ rng; but in reality it gives approx. same actual entropy as FG ( < 10kB/s )
asciilifeform: raw_avocado: failure in iron rng typically happens in the analogue component. if the digitizer/post-processor 'whitens', the failure will not be detectable (via sample & util such as 'ent') because hash makes even /dev/zero into a soup which passes all statistical tests, despite being trivially predictable.
asciilifeform: raw_avocado: i aint trolling. rng is a safety-critical component if you're a rsa or bitcoin user. if you had to jump with a parachute tomorrow, would you ask randos on a forum how to sew one ?
raw_avocado: http://btcbase.org/data/fg/trng_tw.png [analogue] << this is not the right one
asciilifeform: raw_avocado: start w/ the analogue board.
bonechewer: To allow N correspondents to communicate, the guy with the TRNG generates N^2 pads, each of which allows two correspondents to communicate
bonechewer: of course! need to pre-fill the OTP with a quality TRNG. That is separable, though, from the handheld client device.
asciilifeform: bonechewer: you need FG or equiv. in there, if yer doing otp, you live & die by trng quality.
asciilifeform: http://logs.nosuchlabs.com/log/asciilifeform/2021-07-24#1048529 << for lulz created by dud rng's -- indeed don't need the pubkey
billymg: fuckgoats, asciilifeform's TRNG product
vex: old english isn't my strong suit. I like hearing you write it tho
asciilifeform still, nearly 5y after FG release, and 7+y since started serious work on rngs, entertained by the studious avoidance of the 'open sores' types of the approaches which actually work and don't require 8cores of GHz cpu running GBs of whatever braindamage
asciilifeform: punkman: his rng article also lulzy, where he shits out kilometre of sophistry to pretend that he aint whitening
punkman: portable fpga device and something about its trng
dulapbot: Logged on 2021-07-08 12:58:36 asciilifeform: thestringpuller: there's ~0 advantage from using an iron rng (and a slow one) in a game imho.
verisimilitude: A PRNG is going to be preferable for a game, in most cases, just for the determinism, unless I've misunderstood the game this is.
asciilifeform: thestringpuller: there's ~0 advantage from using an iron rng (and a slow one) in a game imho.
thestringpuller: asciilifeform: experimenting with some game mechanics that require RNG - nothing revolutionary or mind blowing.
bonechewer: So what design TRNG could do megabytes per second without an A-D?
asciilifeform: linked piece is exactly the kind of gratuitously complex garbage that the swiss.usg types selling $20k+ rngs (which whiten!) traditionally push.
asciilifeform: or lol this aint a purpose-built rng at all is it.
bonechewer: yes, trustworthy TRNG should not use Xi Jinping's USB PHY
asciilifeform: the tricky bit is to get trng that can fill up a pair of'em in something like reasonable time.
bonechewer: An honest trng could, though, be part of a solution to the problem "$REGIME keeps reading my text messages"
asciilifeform: modern man usually is not buying hammer, or rng, per se, but rather a fantasy which comes in the box with the hammer.
bonechewer: A trng on its own does not solve anyone's problem.
bonechewer would not expect any trng to be a commercial success
asciilifeform: is why, for instance, there are 'over 9000' whitening pseudo-trngs on the market today, but the only nonwhitening, shielded trng had print run of 200 , half of which was sold at the bankruptcy hammer
bonechewer: would it not be possible to use one's own secrets and ignore the TRNG?
bonechewer: their TRNG is not auditable, so I wouldn't trust it, but the ability to sign transactions air-gapped seems convenient
asciilifeform: a box that picks up 'voice of america' is not a trng. and to refer to it as one is fraudulent.
asciilifeform: bonechewer: didntcha say 'trng' ?
bonechewer: re: http://logs.nosuchlabs.com/log/asciilifeform/2021-07-07#1043841 , this item seems at least well thought out, not that I would trust a hidden purported-TRNG
asciilifeform: the software that benefits from trng simply aint there yet.
asciilifeform: the 'screen door on submarine' aspect of these 'sexy' machines also aint lost on asciilifeform . hardware rng, this, that, simply to use w/ prb !!
asciilifeform vaguely recalls reading the vendor's materials and looking for whether this one, unlike the 8999 before it, shielded the rng
shinohai: I was talking to this other guy about fuckgoats and trng, and he posted that up and it spread tonite lol
gregory4: however, he must make his choice within a window of N seconds, or the PRNG is re-seeded.
gregory4: another way is to use network-history to seed a PRNG, and use that to give permission to a particular peer to determine the difficulty of the next epoch.
asciilifeform: thestringpuller: owning a working trng solves ~one~ traditional difficulty w/ otp; but certainly not all.
asciilifeform: thestringpuller: if you had a magical rng which -- while being trng -- exists in 2 and strictly 2 synchronized copies somehow -- you would not need to transport pads. but no such item exists (or is likely to)
asciilifeform: in modern times this takes the form of e.g. 2 hdd's, filled w/ rngolade, and each block is erased after use
thestringpuller: asciilifeform: qq. if I wanted to do OTP from the colo using FG as my RNG. would i encrypt the rng payload I send to myself to prevent interception? sorry if this is non-sensical question.
asciilifeform: thestringpuller: the various keychains which sold as 'otp' don't have much to do with the subject, they are sold as 'one time password' device, but pw is actually generated from a ~prng~ inside, which is seeded with same seed as on server end, and synchronized (typically w/ clock)
dulapbot: Logged on 2021-06-30 10:08:38 asciilifeform: puman: the thing is, otp ~per se~ is as simple as a shovel, once you understand why the pad gotta be same length as the payload and never reused. 100% of the traditional difficulty is the rng.
asciilifeform: puman: towards the end of the #t age, asciilifeform even devised rng which could, unlike FG, reliably fill a coupla GB pad in coupla min.
snsabot: (trilema) 2015-08-21 asciilifeform: otp has precisely three weaknesses even in principle: generation of key (solved by civilized rng); reuse of key (solved by erasing each bit immediately after it is used in a xor); capture of key by enemy (in common with any other cipher! and solved with grenade pin)
asciilifeform: puman: the thing is, otp ~per se~ is as simple as a shovel, once you understand why the pad gotta be same length as the payload and never reused. 100% of the traditional difficulty is the rng.
signpost: at any rate, I can only express my gratitude that I own trustworthy RNGs to asciilifeform.
dulapbot: Logged on 2021-01-06 22:56:33 asciilifeform: trinque: re 'profit centers', asciilifeform was cured of this notion when rubbed face 1st into e.g. 'no, there is not market for uncensored undns'd hosting', 'no, there aint a silent majority yearning for nonwhitened trng', etc
verisimilitude: It was disconcerting to read an expert discussing his RNG setup; had I not known better, whitening would've seemed fine. After all, it gives the RNG output even when it's not ready, which he needs as a professional who knows what he's doing.
asciilifeform recalls in ye olde #t there was a thread erry yr or so, re 'wallets' ; erry linked example had either 'mystery meat' design, i.e. closed, or known rubbish trng; and all of'em required prb on pc end to function..
adlai: s/hash function/prng/, there are quite likely already 'best' (and worst) practices about generating this kind of oracle.
snsabot: Logged on 2021-03-09 09:58:01 adlai: my hesitation for writing the, honestly, rather trivial erasure coding, is that there is no specified prng
asciilifeform: http://logs.nosuchlabs.com/log/asciilifeform/2021-03-09#1033016 << for this application, do not actually need 'cryptographically serious' prng ( e.g. blumblumshub ) but simply one that (1) reasonably fast (2) with long period. if want concrete spectrum, can transform artificially.
adlai: so, my thinking is that a sane erasure code assumes that prng params are part of the broadcaster address.
adlai: my hesitation for writing the, honestly, rather trivial erasure coding, is that there is no specified prng
asciilifeform: adlai: it's a typical crackpot piece a la ye olde sci.crypt newsgroup. reduces to vernam otp + prng. lulzy claim of 'and so we proved p!=np' .
asciilifeform: adlai: you may find it interesting that the 'roulette' was orig. played w/ a nagant -- where the cylinder in fact spins freely. i.e. is ~biased~ rng.
snsabot: Logged on 2020-08-20 19:00:15 asciilifeform: it is also the case that rng as commercial product is a very questionable biz proposition. it takes quite a bit of 'adulthood' to even get to a place where you actually benefit from a 1000 $ rng. for instance, microshit victims dun really win anyffin from using whatever external rng.
asciilifeform: trinque: re 'profit centers', asciilifeform was cured of this notion when rubbed face 1st into e.g. 'no, there is not market for uncensored undns'd hosting', 'no, there aint a silent majority yearning for nonwhitened trng', etc
snsabot: Logged on 2020-08-20 19:14:15 asciilifeform: there are some euro firms who offer 20,000+ $ 'golden toilet' rng. i investigated, all of'em whiten.
asciilifeform: it's a lemon market, the homeopaths will always control the chump-change segment, while the crypto-ag types will control the golden-toilet segment. while actual rng that actually non-whiteningly worx, 'doesn't exist, never existed, what kinda terrorist are you to ask'
asciilifeform: mats: even more so, the homeopathic trng that comes w/ x86 cpu, costs 0
mats: there's definitely a lot of bad devices you only have to pay $40 to own, like onerng
snsabot: Logged on 2020-08-20 18:41:27 asciilifeform: Aerthean: whole point of using scintillator, is to remove, as much as physically possible, any external influence on the rng output, either manmade or natural. external meaning from anywhere outside the box.
asciilifeform: verisimilitude: the fpga in fg was used strictly 'as modem'. see also.
asciilifeform: verisimilitude: you'll still need an analogue source of trngism.
snsabot: Logged on 2020-12-16 22:10:16 asciilifeform: as for the coin, the correct algo to 'hodl' is exactly same today as was in '09. i.e. your hdd has what's indistinguishable from rng output. and as for the key, maybe you once had it, but now lost in boating accident. and forgot where boated. (and if you can't stick to the story, will have to carry cyanide.)
asciilifeform: as for the coin, the correct algo to 'hodl' is exactly same today as was in '09. i.e. your hdd has what's indistinguishable from rng output. and as for the key, maybe you once had it, but now lost in boating accident. and forgot where boated. (and if you can't stick to the story, will have to carry cyanide.)
asciilifeform: genning with gpg, however, is problematic.
asciilifeform: and recall this.
asciilifeform: just to take the fact, for instance, that i did not own a trng when generated that key..
asciilifeform: adlai: as i understand , you like 'contrarian for own sake', but this is not ultimately smart, it leads folx to become 'meat rng' .
asciilifeform: http://logs.nosuchlabs.com/log/asciilifeform/2020-09-27#1022559 << btw that piece is epic, goebbels-level job, btw. damn near ~all~ of the assertions in it were outright lies ( from '256bits from urandom contain 256bits of entropy' to 'impossible to predict outcome from previous bits' to (implicit!) 'ALL rng must whiten' , etc )
adlai: without any randomness whatsoever, these become identical; with trng, they become maximally different.
adlai: not quite; the hypothetical nonrandom strategy is not supposed to be indistinguishable from trng, since it is only profitable due to the quirks of its non-randomness; the indistinguishability is within specific timeframes, smaller than the resolution at which the profit is expected.
asciilifeform: though to me still seems like an elementary failure in the original intent (i.e. nonrandom strategy but ideally indistinguishable from trng to folx w/out the key)
asciilifeform: adlai: right, i get this part - same reason mirv warheads have onboard trng..
adlai: you dunget the answer to an overly general problem, that neither of us stated; specifically, in the context of timing market orders, a TRNG does not increase profit; it reduces expected expense, by increasing overhead for someone counter-trading your specific strategy.
asciilifeform: possibly i dunget it ? what can 'sufficiently attentive observer' do against a trng ?
asciilifeform: the correct way to keygen is to pump straight from iron rng. Just Say No to kochism.
asciilifeform: verisimilitude: be aware of known bugs .
asciilifeform: agreed to it because had already sworn the oath; and because 'can demonstrate that sane and usable trng can exist'
asciilifeform: there are some euro firms who offer 20,000+ $ 'golden toilet' rng. i investigated, all of'em whiten.
asciilifeform: Aerthean: near as i can tell, most computer users who even are aware of concept of rng, are satisfied with 'homeopathic' ones.
asciilifeform: Aerthean: right. if i ever do sell the lyso rng, it'll be part of e.g. self-contained OTPtron, or similar.
asciilifeform: it is also the case that rng as commercial product is a very questionable biz proposition. it takes quite a bit of 'adulthood' to even get to a place where you actually benefit from a 1000 $ rng. for instance, microshit victims dun really win anyffin from using whatever external rng.
asciilifeform: for all the surface simplicity of trng, it is surprisingly hard to get 100% right, esp. if you are unwilling to lie to yourself & others via 'whitenings'.
asciilifeform: right, afaik erry trng ever marketed, other than mine, committed this sin
Aerthean: I remember reading the paper you posted about an RNG that used a Zener I think.
asciilifeform: this includes power supply. (in purely electronic rng, yer stuck w/ battery power if you want troo isolation in the above sense.)
asciilifeform: Aerthean: whole point of using scintillator, is to remove, as much as physically possible, any external influence on the rng output, either manmade or natural. external meaning from anywhere outside the box.
asciilifeform: e.g. if it's picking up 'voice of america', it aint a trng.
asciilifeform: most naive attempts at electronic rng, for instance, are really picking up local radio
asciilifeform: a trng that even in theory can be influenced by nearby rf, is a rubbish
asciilifeform: Aerthean: right, but presumably you weren't trying to make trng.
asciilifeform: ( and asciilifeform realizes that 100% of folx who traditionally care about fast pulse, use PMTs. but i rejected'em for same reason as rejected geigers -- they require HV, which requires oscillators; and they ~age~ detectably, which is unacceptable in rng )
asciilifeform: Aerthean: aah, but the lower the deadtime, the better bitrate of rng.
asciilifeform: Aerthean: currently this item not a priority for asciilifeform , as his previous attempt to market a much cheaper, wholly electronic rng was not a success.
asciilifeform: Aerthean: idea is, the rng should not depend on external events at all.
asciilifeform: newland0: the gnarl of traditional gpg , and the garbage hardware it runs on, are problems that i've worked on for many yrs. the former, i am attacking by slowly baking a fits-in-head replacement ; against the latter, built a RNG , and continuing to work on yet-other irons even nao.
snsabot: (ossasepia) 2020-07-17 jfw: and *sigh* it was originally a ~$35 TRNG; vendor closed but the schematics are there waiting for someone to step up and make more
asciilifeform: re os knobs, the only ones used in ffa/peh are command line param eater, and opener of rng device. errything else is device-agnostic. (i.e. will run anywhere with a reasonably large memory for stack)
shinohai: It's not like the chimps from places like, say blockchain.com, can do any better than toy store dice. iirc they produced rng that spit out same privkey for hundreds of wallets.
asciilifeform will leave alone for nao the q of whether ordinary toy store dice are suitable for safety-critical rng...
asciilifeform: i.e. if it so happens that only house wins at vegas for week straight, inspectors come to test the rngs. whereas at nyse etc this is routine and folx will even laugh if you complain.
snsabot: (trilema) 2017-03-02 asciilifeform: a 'secure prng' is fundamentally THE SAME animal as the 'secure hash' and the 'secure blockcipher'.
asciilifeform: they also laser cut metals. iirc it was there that i had templates cut for solderpaste on orig. rng prototype when i was still making those by hand.
asciilifeform: the pc arch simply offers no 100% satisfying place to plug in rng. imho i picked the least retarded one (100% of the gear in my machine room, whether from 1980s or present day, offers serial)
asciilifeform: it's a serial device, and sends rng bytes. which requires an 8-bit-clean tty, which linux does ~not~ by default give.
asciilifeform: linking urandom (if you have it on the machine at all) to a 7kB/s rng is imho painful (when do you use urandom? typically it's when you need coupla MB of liquishit , ~quickly~, and quality dun matter much )
asciilifeform: try sell honest rng ? konsoomer: 'intel included RDRAND on die' . try sell proper inline disk cryptor? konsoomer: 'why should i buy 1000 $ box , samsung includes password feature'
asciilifeform: the (a) folx continue to buy crypto-ag & co's $20,000 'quantum' black box (welded shut.) (b) continues to happily lap up e.g. intel's on-die rng.
asciilifeform: when the paper 'wealth' turns to toilet paper, they will have what they managed to physically build -- railroads, mines, cardboard ghost towns, etc.; and won't have, what didn't build (native 'fits in head' cpu arch; native os; crystallography labs that don't simply pull coordinates outta rng to fill paper queue, and could go on) and no more/no less.
asciilifeform: http://logs.nosuchlabs.com/log/asciilifeform/2020-01-21#1005418 << noncritical ( tetris ? ) can carry internal prng.
asciilifeform: ( and imho rng output has no biz sitting around in a 'pool' where it might, potentially, get read twice )
asciilifeform: erry moving part one puts b/w rng and the consuming proggy, is a potential mine
asciilifeform: mp et al are baking a FG-to-/dev/random patch but imho is Wrong Thing, os has no biz knowing where yer rng is
asciilifeform: pretty common linear feedback reg. prng algo
asciilifeform: shinohai: i'ma fix the warnings crapola in the next rev ( sig verification obv. dun use rng )
asciilifeform: if one insists, for whatever reason, on manipulating rng output via e.g. hashes, do it on software end. but don't lie to the purchaser of the iron and say that sha(whatever) is 'entropy', sha(1234....infinity) will fool 100% of mathematical 'entropy test' while being cryptographically worthless just the same.
asciilifeform: imho it is not the least bit difficult to build proper rng. ( esp. given that asciilifeform published 100% schematics. ) but somehow folx studiously avoid doing it.
asciilifeform: ditto if the thing 'whitens' (i.e. puts the bits through a hash or similar, disguising a possibly-dead analogue end) . which i've found 100% of heathen rng in fact do.
verisimilitude: As for the RNG, what's your opinion on this piece?
snsabot: Logged on 2019-11-28 00:26:52 asciilifeform: shinohai: i've many interesting things lined up. incl. for phuctor. such as e.g. previously-unmolested classes of weak key .
snsabot: Logged on 2019-11-15 15:53:11 asciilifeform: jfw: i'm baking a run of new high-bandwidth rng (early 2020 tentatively) but given mp's curse i expect plenty of folx will stick to the classic one , i expect you'll have a lively market
feedbot: http://bvt-trace.net/2019/12/keccak-hashing-for-kernel-rng/ << bvt's backtrace -- Keccak Hashing for Kernel RNG
asciilifeform: shinohai: i've many interesting things lined up. incl. for phuctor. such as e.g. previously-unmolested classes of weak key .
asciilifeform: re used vs new -- fwiw fg (unlike e.g. zenerdiode-based rng's) does not measurably wear out ( at least over the timescale it has existed for , for asciilifeform to take measurements. )
jfw: Ah. Well I went with the bird-in-the-hand option; slow rng way better than no rng. If these move I might look into learning to bake my own
asciilifeform: jfw: i'm baking a run of new high-bandwidth rng (early 2020 tentatively) but given mp's curse i expect plenty of folx will stick to the classic one , i expect you'll have a lively market