One wants maximum entropy not only from one's RNG but also from one's
discussions about randomness.
Sadly, entropy is measured based on the level of surprise at the
content, and the level of surprise is going down in the current
discussion. As surprise goes to zero, so does interest on the part
On 09/13/2013 11:32 PM, Jerry Leichter wrote:
On Sep 12, 2013, at 11:06 PM, Marcus D. Leech wrote:
There is a class of hyper-cheap USB audio dongles with very uncomplicated
mixer models. A small flotilla of those might get you some fault-tolerance.
My main thought on such things relates to
On Sep 12, 2013, at 11:06 PM, Marcus D. Leech wrote:
There is a class of hyper-cheap USB audio dongles with very uncomplicated
mixer models. A small flotilla of those might get you some fault-tolerance.
My main thought on such things relates to servers, where power consumption isn't
At 08:32 PM 9/13/2013, Jerry Leichter wrote:
If by server you mean one of those things in a rack at Amazon or
Google or Rackspace - power consumption, and its consequence,
cooling - is *the* major issue these days. Also, the servers used
in such data centers don't have multiple free USB
On 09/12/2013 10:38 PM, Thor Lancelot Simon wrote:
The audio subsystem actually posed *two* obvious opportunities:
amplifier noise from channels with high final stage gain but connected
by a mixer to muted inputs, and clock skew between system timers and
audio sample clocks. The former
On Tue, Sep 10, 2013 at 10:59 AM, Marcus D. Leech mle...@ripnet.com wrote:
I wonder what people's opinions are on things like the randomsound daemon
that is available for Linux.
I have not looked at that. A well thought out well documented
RNG based on a sound card is:
On 09/10/2013 12:04 PM, Rob Kendrick wrote:
I wonder what people's opinions are on things like the randomsound
daemon that is available for Linux.
Daniel Silverstone, the author, specifically advises people to not use
it. :)
I haven't actually looked at the code. Conceptually, anything with an
On Tue, Sep 10, 2013 at 10:59:37AM -0400, Marcus D. Leech wrote:
I wonder what people's opinions are on things like the randomsound
daemon that is available for Linux.
Daniel Silverstone, the author, specifically advises people to not use
it. :)
B.
I wonder what people's opinions are on things like the randomsound
daemon that is available for Linux.
Similarly, any hardware with an ADC input can be used as a hardware
random noise source, simply by cranking up the gain to suitable levels
where the low-order bit is sampling thermal
On Sep 7, 2013, at 5:09 PM, Perry E. Metzger pe...@piermont.com wrote:
Note that such systems should at this point be using deterministic
methods (hashes of text + other data) to create the needed nonces. I
believe several such methods have been
On Sep 6, 2010, at 10:49 PM, John Denker wrote:
If you think about the use of randomness in cryptography, what matters
isn't really randomness - it's exactly unpredictability.
Agreed.
This is very tough to pin down: What's unpredictable to me may be
predictable to you,
It's easy
On Tue, 7 Sep 2010 22:22:57 -0400 Jerry Leichter leich...@lrw.com wrote:
On Sep 6, 2010, at 10:49 PM, John Denker wrote:
It's easy to pin down. If it's unpredictable to the attacker,
it's unpredictable enough for all practical purposes.
I was talking about mathematical, even philosophical,
On Tue, Sep 07, 2010 at 10:22:57PM -0400, Jerry Leichter wrote:
But there isn't actually such a thing as classical thermodynamical
randomness! Classical physics is fully deterministic. Thermodynamics uses
a probabilistic model as a way to deal with situations where the necessary
On 09/06/2010 09:49 PM, John Denker wrote:
If anybody can think of a practical attack against the randomness
of a thermal noise source, please let us know. By practical I
mean to exclude attacks that use such stupendous resources that
it would be far easier to attack other elements
On 09/07/2010 10:21 AM, Marsh Ray wrote:
If anybody can think of a practical attack against the randomness
of a thermal noise source, please let us know. By practical I
mean to exclude attacks that use such stupendous resources that
it would be far easier to attack other elements
On 09/07/2010 11:19 AM, Perry E. Metzger wrote:
2) You can shield things so as to make this attack very,
very difficult.
I suspect that for some apps like smart cards that might be hard.
OTOH, it might be straightforward to detect the attempt.
We should take the belt-and-suspenders
On 09/07/2010 12:58 PM, John Denker wrote:
On 09/07/2010 10:21 AM, Marsh Ray wrote:
If anybody can think of a practical attack against the randomness
of a thermal noise source, please let us know. By practical I
mean to exclude attacks that use such stupendous resources that
it would be far
On Tue, 07 Sep 2010 11:56:25 -0700 John Denker j...@av8n.com wrote:
The true noise level depends only on gain, bandwidth,
temperature, and resistance. Blasting the system
with RF will not lower the temperature, so that's
not a threat.
One could, however, run the card one is trying to attack
On 09/07/2010 02:18 PM, Perry E. Metzger wrote:
The question is, can you make it more expensive to do that than to,
say, buy a new parking card or whatever else the smart card is being
used for. If the attack is fairly cheap and repeatable and yields
something reasonably valuable, you have a
On Aug 3, 2008, at 13:54, Alexander Klimov wrote:
If your p-value is smaller than the significance level (say, 1%)
you should repeat the test with different data and see if the
test persistently fails or it was just a fluke.
Or better still, make many tests and see if your p-values are
On Mon, 4 Aug 2008, Stephan Neuhaus wrote:
Or better still, make many tests and see if your p-values are
uniformly distributed in (0,1). [Hint: decide on a p-value for that
last equidistribution test *before* you compute that p-value.]
Of course, there are many tests for goodness of fit
Hi Ben,
http://www.cacert.at/cgi-bin/rngresults
Are you seriously saying that the entropy of FreeBSD /dev/random is 0?
Thanks for the notice, that was a broken upload by a user.
Best regards,
Philipp Gühring
-
The
On Thu, 31 Jul 2008, Pierre-Evariste Dagand wrote:
Just by curiosity, I ran the Diehard tests[...]
Sum-up for /dev/random:
Abnormally high value: 0.993189 [1]
Abnormally low value: 0.010507 [1]
Total: 2
Sum up for Sha1(n):
Abnormally high values: 0.938376, 0.927501 [2]
Abnormally low
In 1951, John von Neumann wrote:
Any one who considers arithmetical methods of producing random digits
is, of course, in a state of sin.
That may or may not be an overstatement.
IMHO it all depends on what is meant by random. The only notion
of randomness that I have found worthwhile
SHA-1(1), SHA-1(2), SHA-1(3), ... SHA-1(N) will look random, but clearly is not.
Just by curiosity, I ran the Diehard tests on /dev/random (FreeBSD
7.0) and a sha1 sequence of [ 1 ... N ]. Both random files are 63 Mb.
I know that there has been some controversy about /dev/random of
FreeBSD on
Ben wrote:
But just how GREAT is that, really? Well, we don't know. Why? Because there
isn't actually a way to test for randomness. Your
DNS resolver could be using some easily predicted random number generator
like, say, a linear congruential one, as is common in the rand() library
quality - is terribly
effective and very hard to spot).
Or am I missing something ?
I think that, in general, you are correct. However, in the case of NAT
your adversary is not someone who is trying to guess your randomness,
but someone who is trying to sell you their NAT gateway. In this case
Hi,
I would suggest to use http://www.cacert.at/random/ to test the
randomness of the DNS source ports. Due to the large variety of
random-number sources that have been tested there already, it's useful
as a classification service of unknown randomly looking numbers.
You just have to collect
I thought this list might be interested in a mini-rant about DNS source
port randomness on my blog: http://www.links.org/?p=352.
Ever since the recent DNS alert people have been testing their DNS
servers with various cute things that measure how many source ports you
use, and how random
On Jul 30, 2008, at 1:56 PM, Ben Laurie wrote:
Oh, and I should say that number of ports and standard deviation are
not a GREAT way to test for randomness. For example, the sequence
1000, 2000, ..., 27000 has 27 ports and a standard deviation of over
7500, which looks pretty GREAT to me
But just how GREAT is that, really? Well, we don't know. Why? Because there
isn't actually a way to test for randomness. Your
DNS resolver could be using some easily predicted random number generator
like, say, a linear congruential one, as is common in the rand() library
function, but DNS
Pierre-Evariste Dagand wrote:
But just how GREAT is that, really? Well, we don't know. Why? Because there
isn't actually a way to test for randomness. Your
DNS resolver could be using some easily predicted random number generator
like, say, a linear congruential one, as is common in the rand
of randomness? (it's not a rhetorical question, I'm curious about other
approaches).
Regards,
--
Pierre-Evariste DAGAND
-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
RNG.
But, then, there is the chicken-or-the-egg problem: how would you
ensure that a *new* RNG is a good source of randomness? (it's not a
rhetorical question, I'm curious about other approaches).
By reviewing the algorithm and thinking hard.
--
http://www.apache-ssl.org/ben.html
Ben Laurie writes:
Oh, and I should say that number of ports and standard deviation are not
a GREAT way to test for randomness. For example, the sequence 1000,
2000, ..., 27000 has 27 ports and a standard deviation of over 7500,
which looks pretty GREAT to me. But not very random.
That's
Date: Wed, 30 Jul 2008 21:22:59 +0200
From: Pierre-Evariste Dagand [EMAIL PROTECTED]
To: Ben Laurie [EMAIL PROTECTED], cryptography@metzdowd.com
Subject: Re: On the randomness of DNS
[...]
For sure, it would be better if we could check the source code and
match the implemented RNG
On 30 Jul 2008, at 19:57, Pierre-Evariste Dagand wrote:
But just how GREAT is that, really? Well, we don't know. Why? Because there
isn't actually a way to test for randomness. Your
DNS resolver could be using some easily predicted random number
generator
like, say, a linear congruential one
On 30 Jul 2008, at 21:33, Ben Laurie wrote:
For sure, it would be better if we could check the source code and
match the implemented RNG against an already known RNG.
But, then, there is the chicken-or-the-egg problem: how would you
ensure that a *new* RNG is a good source of randomness
I've been working on the randomness and unpredictability this morning
instead of doing my taxes, and found these links:
http://crd.lbl.gov/~dhbailey/pi/
http://pisearch.lbl.gov/
The section on randomness, entropy, etc. is here:
http://www.subspacefield.org/security/security_concepts.html
Aloha!
Leichter, Jerry wrote:
So presumably the model is: Put each manufactured chip into a testing
device that repeatedly power cycles it and reads all of memory. By
simply comparing values on multiple cycles, it assigns locations to
Class 1 or 2 (or 3, if you like). Once you've done this
Aloha!
Peter Gutmann wrote:
So RAM state is entropy chicken soup, you may as well use it because it can't
make things any worse, but I wouldn't trust it as the sole source of entropy.
Ok, apart from the problems with reliable entropy generation. Am I
right when I get a bad feeling when I
On Tue, 18 Sep 2007, James A. Donald wrote:
Using SRAM as a source of either randomness or unique
device ID is fragile. It might well work, but one
cannot know with any great confidence that it is going
to work. It might work fine for every device for a
year, and then next batch arrives
noise generating chip that they acknowledged was not random enough for good
measurements. The fix suggested was to parallel a number, six as I
recall, to improve the randomness by mixing the signals to achieve
better randomness. I don't recall the math but the approach improved
the randomness
was not random enough for good measurements. The fix
suggested was to parallel a number, six as I recall,
to improve the randomness by mixing the signals to
achieve better randomness. I don't recall the math but
the approach improved the randomness by more than an
order of magnitude.
If one
Udhay Shankar N [EMAIL PROTECTED] writes:
Sounds like an interesting idea - using SRAM state as a source of randomness.
Any of the folks here willing to comment on this?
The paper actually covers two (related) things, fingerprint extraction and
using SRAM power-up state as a random number source
functionality that checks the randomness of the
initial SRAM state after power on. But somehow I don't think a good test
suite and extremely low cost devices (for example RFID chips) are very
compatible concepts.
--
With kind regards, Yours
Joachim Strömbergson - Always in harmonic oscillation
On Sep 12, 2007, at 7:06 AM, Udhay Shankar N wrote:
Sounds like an interesting idea - using SRAM state as a source of
randomness. Any of the folks here willing to comment on this?
If you care about your randomness, you don't want to be making the
assumption that a source is random because
Hi.
On Sun, 16 Sep 2007, Joachim Strömbergson wrote:
One could add test functionality that checks the randomness of the
initial SRAM state after power on. But somehow I don't think a good test
suite and extremely low cost devices (for example RFID chips) are very
compatible concepts.
One can
Aloha!
Udhay Shankar N wrote:
Sounds like an interesting idea - using SRAM state as a source of
randomness. Any of the folks here willing to comment on this?
Udhay
http://prisms.cs.umass.edu/~kevinfu/papers/holcomb-FERNS-RFIDSec07.pdf
IMHO a very interesting paper.
But I have a few
On 27 April 2007 20:34, Eastlake III Donald-LDE008 wrote:
See http://xkcd.com/c221.html.
Donald
http://web.archive.org/web/20011027002011/http://dilbert.com/comics/dilbert/archive/images/dilbert2001182781025.gif
cheers,
DaveK
--
Can't think of a witty .sigline today
See http://xkcd.com/c221.html.
Donald
http://news.zdnet.com/2100-1009_22-6142935.html?part=rsstag=feedsubj=zdnn
people are looking for in cryptographic RNGs. What kind of randomness
or security properties are you talking about?
There is no way to prove that dice you are watching on TV are not loaded
(even if the value distribution is fair). If one gets to participate in
a verifiable protocol that rolls
| There's another definition of randomness I'm aware of, namely that the
| bits are derived from independent samples taken from some sample space
| based on some fixed probability distribution, but that doesn't seem
| relevant unless you're talking about a HWRNG. As another poster
| pointed out
On 12/3/05, Victor Duchovni [EMAIL PROTECTED] wrote:
Actually, this is inaccurate, proving the strength of AES or factoring is
difficult, and may never happen, we may even prove AES to be not secure
(in a broad sense) some day. Proving an RNG secure is *impossible*.
I'm not sure it's
On Sat, Dec 03, 2005 at 10:47:52PM -0600, Travis H. wrote:
On 12/3/05, Victor Duchovni [EMAIL PROTECTED] wrote:
Actually, this is inaccurate, proving the strength of AES or factoring is
difficult, and may never happen, we may even prove AES to be not secure
(in a broad sense) some day.
On Fri, 2005-12-02 at 11:54 +0100, Lee Parkes wrote:
So, the question is, how can the randomness of a PRNG be proved within
reasonable limits of time, processing availability and skill?
Cryptographic randomness? None.
Any one who considers arithmetical methods of producing random digits
On Fri, Dec 02, 2005 at 11:54:03AM +0100, Lee Parkes wrote:
Hi,
Apologies if this has been asked before.
The company I work for has been asked to prove the randomness of a random
number generator. I assume they mean a PRNG, but knowing my employer it
could be anything... I've turned
On Fri, 2 Dec 2005, Lee Parkes wrote:
Hi,
Apologies if this has been asked before.
So, the question is, how can the randomness of a PRNG be proved within
reasonable limits of time, processing availability and skill?
Randomness is a quality that, intrinsically, cannot be proven. Period
| Hi,
| Apologies if this has been asked before.
|
| The company I work for has been asked to prove the randomness of a random
| number generator. I assume they mean a PRNG, but knowing my employer it
| could be anything... I've turned the work down on the basis of having another
| gig that week
it.
Afonso Araujo Neto
On 2 Dec 2005 at 11:54, Lee Parkes wrote:
Hi,
Apologies if this has been asked before.
The company I work for has been asked to prove the randomness of a
random number generator. I assume they mean a PRNG, but knowing my
employer it could be anything... I've turned
On Fri, Dec 02, 2005 at 10:13:21PM -0200, [EMAIL PROTECTED] wrote:
Well, you just can't prove a PRNG is secure. It would be like proving that
the AES is secure, or that factoring integers is hard. It just can't be done
(aside from theoretical discussions about P=NP).
Actually, this is
Hi,
Apologies if this has been asked before.
The company I work for has been asked to prove the randomness of a random
number generator. I assume they mean a PRNG, but knowing my employer it
could be anything... I've turned the work down on the basis of having another
gig that week. However