On Wed, 24 Apr 2002, David Howe wrote:
No it isn't. You -want- a RNG but you can't have one. Nobody
-wants- a PRNG, they -settle- for it.
I think there is some confusion here - if you are using a PRNG as a stream
cypher, the last thing in the world you want is for it to be truly random -
On Wed, 24 Apr 2002 [EMAIL PROTECTED] wrote:
That is, to get the infinite cycle, you'd have to have some method of
generating a uniform random integer 0 to infinity for the
initial state, and you'd need an infinite amount of memory
to store the current internal state. Neither of which is
Comments inline...
On Wed, 24 Apr 2002, R. A. Hettinga wrote:
I seem to be channeling mathematicians this morning...
Cheers,
RAH
--- begin forwarded text
From: Somebody with a sheepskin...
To: R. A. Hettinga [EMAIL PROTECTED]
Subject: Re: Two ideas for random number
On Thu, 25 Apr 2002, Trei, Peter wrote:
My point, I hope it is clear, was to prove that there are deterministic
algorithms which do not repeat.
There are, AND they are continuous and -not- based on NOT-AND-OR. I
-never- said there were not deterministic algorithms but then again those
On Thu, 25 Apr 2002, Ken Brown wrote:
Trei, Peter wrote:
[...]
Exactly what is the Choatian definition of a PRNG which requires
it to repeat, anyway?
Possibly confusion between 2 common English meanings of repeat.
(1) repeatable, so if someone else runs the same algorithm on
- Original Message -
From: Adam Back [EMAIL PROTECTED]
On Fri, Apr 26, 2002 at 11:48:11AM -0700, Joseph Ashwood wrote:
From: Bill Stewart [EMAIL PROTECTED]
I've been thinking about a somewhat different but related problem lately,
which is encrypted disk drives. You could
Joseph Ashwood wrote:
Adam Back Wrote:
This becomes completely redoable (or if you're willing to sacrifice
a small portion of each block you can even explicitly store the IV.
That's typically not practical, not possible, or anyway very
undesirable for performance (two disk hits
- Original Message -
From: Adam Back [EMAIL PROTECTED]
Joseph Ashwood wrote:
Actually I was referring to changing the data portion of the block
from {data} to {IV, data}
Yes I gathered, but this what I was referring to when I said not
possible. The OSes have 512Kbytes ingrained
Title: RE: Re: disk encryption modes (Re: RE: Two ideas for random number generation)
Instead of adding 16 bytes to the size of each sector for sector IV's how about having a separate file (which could be stored on a compact flash card, CDRW or other portable media) that contains the IV's
Title: RE: Re: disk encryption modes (Re: RE: Two ideas for random number generation)
- Original Message -
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Saturday, April 27, 2002 12:11 PM
Subject: CDR: RE: Re: disk encryption modes (Re: RE: Two ideas
- Original Message -
From: Bill Stewart [EMAIL PROTECTED]
I've been thinking about a somewhat different but related problem lately,
which is encrypted disk drives. You could encrypt each block of the disk
with a block cypher using the same key (presumably in CBC or some similar
On Fri, Apr 26, 2002 at 11:48:11AM -0700, Joseph Ashwood wrote:
From: Bill Stewart [EMAIL PROTECTED]
I've been thinking about a somewhat different but related problem lately,
which is encrypted disk drives. You could encrypt each block of the disk
with a block cypher using the same key
At 10:18 AM 4/25/02 -0700, Tim May wrote:
On Thursday, April 25, 2002, at 07:45 AM, Major Variola (ret) wrote:
Predictability gets much worse if one of the walls of a pool-table is curved,
then the uncertainty in a perfectly-round ball's momentum is
magnified after reflection, compared to a
At 09:42 AM 4/23/02 -0700, Tim May wrote:
And even if the world were Newtonian, in a classical billiard ball
sense, with Planck's constant precisely equal to zero, predictability is
a chimera. Consider a game of billiards, with perfectly spherical
billiard balls, a perfectly flat table, etc.
[EMAIL PROTECTED] wrote:
On 24 Apr 2002 at 17:41, David Howe wrote:
it's probably a better (if much slower) stream cypher than most currently in
use; I can't think of any that have larger than a 256 internal state, and
that implies a 2^256 step cycle at best; for pi to be worse, it would
Major Variola (ret) wrote:
There is a fascinating demo-photograph that shows reflections off
4 stacked steel balls is a classical fractal.
Topology in chaotic scattering - DAVID SWEET, EDWARD OTT JAMES A.
YORKE
Sandy Harris[SMTP:[EMAIL PROTECTED]]
Jim Choate wrote:
PRNG output is fixed/repeatable too - that is a property you *want* from a
PRNG.
No it isn't. You -want- a RNG but you can't have one. Nobody -wants- a
PRNG, they -settle- for it.
That is nearly true for crypto
On Thursday, April 25, 2002, at 07:45 AM, Major Variola (ret) wrote:
At 09:42 AM 4/23/02 -0700, Tim May wrote:
And even if the world were Newtonian, in a classical billiard ball
sense, with Planck's constant precisely equal to zero, predictability is
a chimera. Consider a game of
Trei, Peter wrote:
[...]
Exactly what is the Choatian definition of a PRNG which requires
it to repeat, anyway?
Possibly confusion between 2 common English meanings of repeat.
(1) repeatable, so if someone else runs the same algorithm on similar
hardware with the same initial conditions
On Tue, 23 Apr 2002, Riad S. Wahby wrote:
This may take more voltage than you want to use in your process, but you
can engineer the base-emitter junction if you've got a friend in process
engineering.
Aren't there dedicated avalanche diodes available with low breakdown
voltages, precisely for
Jim Choate [EMAIL PROTECTED] wrote:
But that changes the game in the middle of play, the sequence of digits
in pi is fixed, not random. You can't get a random number from a constant.
Otherwise it wouldn't be a constant.
PRNG output is fixed/repeatable too - that is a property you *want* from a
On Wed, 24 Apr 2002, David Howe wrote:
Jim Choate [EMAIL PROTECTED] wrote:
But that changes the game in the middle of play, the sequence of digits
in pi is fixed, not random. You can't get a random number from a constant.
Otherwise it wouldn't be a constant.
PRNG output is
Sampo Syreeni [EMAIL PROTECTED] wrote:
Aren't there dedicated avalanche diodes available with low breakdown
voltages, precisely for this reason? I think they're used in applications
where zeners could be, except for higher breakdown current.
Sure. I was thinking of an IC design, in which
Jim Choate wrote:
PRNG output is fixed/repeatable too - that is a property you *want* from a
PRNG.
No it isn't. You -want- a RNG but you can't have one. Nobody -wants- a
PRNG, they -settle- for it.
That is nearly true for crypto applications, but it certainly isn't for
some others.
Tim May wrote:
On Monday, April 22, 2002, at 11:23 PM, Joseph Ashwood wrote:
From: [EMAIL PROTECTED]
If a RNG runs off Johnson noise, then the ability to predict its
output would imply the ability to violate the second law of
thermodynamics. If it runs off shot noise, then the
On Tue, 23 Apr 2002 [EMAIL PROTECTED] wrote:
--
Jim Choate wrote:
If you can't develop a RNG in software (ie you'd be in a
state of sin), what makes you think you can do it using
-only- digital gates in hardware? You can't.
James A. Donald:
Classic Choatian physics.
At 11:55 AM 4/24/02 +0300, Sampo Syreeni wrote:
On Tue, 23 Apr 2002, Riad S. Wahby wrote:
This may take more voltage than you want to use in your process, but you
can engineer the base-emitter junction if you've got a friend in process
engineering.
You can also use common guard structures to
No it isn't. You -want- a RNG but you can't have one. Nobody
-wants- a PRNG, they -settle- for it.
I think there is some confusion here - if you are using a PRNG as a stream
cypher, the last thing in the world you want is for it to be truly random -
you need to sync up two prngs in order to
Optimizzin Al-gorithym [EMAIL PROTECTED] wrote:
You can also use common guard structures to isolate the HV part of
the chip, without dicking with the Delicate Recipes (process) which
you Don't Want To Do And Probably Wouldn't Be Allowed To Anyway.
Also helps keep digital switching noise out
I seem to be channeling mathematicians this morning...
Cheers,
RAH
--- begin forwarded text
From: Somebody with a sheepskin...
To: R. A. Hettinga [EMAIL PROTECTED]
Subject: Re: Two ideas for random number generation
Date: Wed, 24 Apr 2002 08:44:41 -0600
Bob,
Tim's examples
On 24 Apr 2002 at 17:41, David Howe wrote:
Maybe for you, I sure as hell wouldn't use it either as a key or as a
seed into a known hashing/whitening algorithm.
it's probably a better (if much slower) stream cypher than most currently in
use; I can't think of any that have larger than a 256
On Mon, 22 Apr 2002 [EMAIL PROTECTED] wrote:
--
On 22 Apr 2002 at 17:38, Jim Choate wrote:
If you can't develop a RNG in software (ie you'd be in a state
of sin), what makes you think you can do it using -only- digital
gates in hardware? You can't.
Classic Choatian physics.
Of
Jim Choate[SMTP:[EMAIL PROTECTED]]
On Mon, 22 Apr 2002, Trei, Peter wrote:
The defining difference between the two is that if you know the
algorithm and seed, the output of a PRNG can be reproduced,
at a different time, place, or both. There are circumstances in
which this is
Actually you left something out, the PRNG by definition must have a
modulus of repetition. At some point it starts the sequence over.
As usual, Jim is wrong. There are deterministic systems which never
repeat. For example, there is an algorithm which will give you the
nth digit of pi.
--
Joseph Ashwood
Because with a pRNG we can sometimes prove very important
things, while with a RNG we can prove very little (we can't
even prove that entropy actually exists, let alone that we
can collect it).
James A. Donald:
Don't be silly. Of course we know that
--
Jim Choate wrote:
If you can't develop a RNG in software (ie you'd be in a
state of sin), what makes you think you can do it using
-only- digital gates in hardware? You can't.
James A. Donald:
Classic Choatian physics.
Of course you can.
Jim Choate:
Not if you use -only-
On Monday, April 22, 2002, at 11:23 PM, Joseph Ashwood wrote:
From: [EMAIL PROTECTED]
If a RNG runs off Johnson noise, then the ability to predict its
output would imply the ability to violate the second law of
thermodynamics. If it runs off shot noise, then the ability to
predict its
Tim May wrote:
Boehm's hidden variables model is generally discredited (some would
say disproved). Alternatives to the Copenhagen Interpretation, notably
EWG/many worlds, Hartle's consistent histories, and Cramer's
transactional model, are still not deterministic, in that the world an
gfgs pedo [EMAIL PROTECTED] wrote:
why exactly is avalanche breakdown a good RNG?
Thank u.
Avalanche noise is just about as good as Johnson / Johnson-Nyquist /
thermal noise (all names for the same phenomenon) for collecting
entropy. The spectral density is flat, but the amplitude
Tim wrote:
The modern name for this outlook is chaos theory, but I believe
chaos gives almost mystical associations to something which is really
quite understandable: divergences in decimal expansions.
Discrepancies come marching in, fairly
On Tue, 23 Apr 2002, Trei, Peter wrote:
As usual, Jim is wrong. There are deterministic systems which never
repeat. For example, there is an algorithm which will give you the
nth digit of pi.
Ok. The distribution of a single digit is -not- the same as pi itself...
If I use this as my PRNG
On Tue, 23 Apr 2002, Trei, Peter wrote:
Exactly what is the Choatian definition of a PRNG which requires
it to repeat, anyway?
Wrong question, the -right- question is...
What is -random-?
It means unpredictable, this means unrepeatable. If it repeats then it
-must- be predictable; that
On Tue, 23 Apr 2002, Alan Braggins wrote:
Actually you left something out, the PRNG by definition must have a
modulus of repetition. At some point it starts the sequence over.
As usual, Jim is wrong. There are deterministic systems which never
repeat. For example, there is an
On Tue, 23 Apr 2002 [EMAIL PROTECTED] wrote:
One can build a true random generator using two resistors, a
A resistor isn't a Boolean gate.
Go back to sleep.
I'm still working on your Chomsky page. I don't think you'll be happy.
--
On Tue, 23 Apr 2002, Riad S. Wahby wrote:
Another nice way to get an RNG is Avalanche breakdown.
I like using radiation on diodes myself. Reverse bias them and then
amplify the noise. Use a Schmitt Trigger. Use one for each bit.
--
On Sun, 21 Apr 2002 [EMAIL PROTECTED] wrote:
Why would one want to implement a PRNG in silicon, when one can
easily implement a real RNG in silicon?
Both applications are orthogonal. PRNG != entropy.
And if one is implementing a PRNG in software, it is trivial to
have lots of internal
On Sunday, April 21, 2002, at 09:53 PM, Joseph Ashwood wrote:
- Original Message -
From: [EMAIL PROTECTED]
To: Tim May [EMAIL PROTECTED]; Eugen Leitl [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent: Sunday, April 21, 2002 1:33 PM
Subject: Re: Two ideas for random number generation
On Sunday, April 21, 2002, at 11:09 PM, Eugen Leitl wrote:
On Sun, 21 Apr 2002 [EMAIL PROTECTED] wrote:
Why would one want to implement a PRNG in silicon, when one can
easily implement a real RNG in silicon?
Both applications are orthogonal. PRNG != entropy.
And if one is implementing a
On Mon, 22 Apr 2002, Tim May wrote:
What real-life examples can you name where Gbit rates of random digits
are actually needed?
Multimedia streams, routers. If I want to secure a near-future 10 GBit
Ethernet stream with a symmetric cypher for the duration of a few years
(periodic rekeying
hi,
--- [EMAIL PROTECTED] wrote:
On 22 Apr 2002 at 0:08, Ben Laurie wrote:
Oh surely you can do better than that - making it
hard to guess the seed
is also clearly a desirable property (and one that
the square root rng
does not have).
U can choose any arbitrary seed (greater than 100
gfgs pedo wrote:
hi,
--- [EMAIL PROTECTED] wrote:
On 22 Apr 2002 at 0:08, Ben Laurie wrote:
Oh surely you can do better than that - making it
hard to guess the seed
is also clearly a desirable property (and one that
the square root rng
does not have).
U can choose any
[EMAIL PROTECTED][SMTP:[EMAIL PROTECTED]] wrote:
Why would one want to implement a PRNG in silicon, when one can
easily implement a real RNG in silicon?
RNGs and PRNGs serve somewhat different purposes in current
cryptographic systems. Both are useful, but it's not clear to me
that the
Ben Laurie wrote:
gfgs pedo wrote:
hi,
--- [EMAIL PROTECTED] wrote:
On 22 Apr 2002 at 0:08, Ben Laurie wrote:
Oh surely you can do better than that - making it
hard to guess the seed
is also clearly a desirable property (and one that
the square root rng
does not
On Mon, 22 Apr 2002, Trei, Peter wrote:
So my suggestion is that while hardware acceleration of PRNGs may have
some usefulness, true RNGs need not have the same performance. I'd
rather see people work on making the true RNGs *trustworthy*, which is
a much more difficult problem.
Out of
- Original Message -
From: Eugen Leitl [EMAIL PROTECTED]
On Mon, 22 Apr 2002, Tim May wrote:
What real-life examples can you name where Gbit rates of random digits
are actually needed?
Multimedia streams, routers. If I want to secure a near-future 10 GBit
Ethernet stream with a
- Original Message -
From: gfgs pedo [EMAIL PROTECTED]
Oh surely you can do better than that - making it
hard to guess the seed
is also clearly a desirable property (and one that
the square root rng
does not have).
U can choose any arbitrary seed (greater than 100 bits as
hi,
I get the point. Thanx for all the replies.
regards Data.
--- Joseph Ashwood [EMAIL PROTECTED] wrote:
- Original Message -
From: gfgs pedo [EMAIL PROTECTED]
Oh surely you can do better than that - making it hard to guess the seed
is also clearly a desirable
On Mon, 22 Apr 2002, Trei, Peter wrote:
The defining difference between the two is that if you know the
algorithm and seed, the output of a PRNG can be reproduced,
at a different time, place, or both. There are circumstances in
which this is very much a desired quality.
Actually you left
- Original Message -
From: [EMAIL PROTECTED]
To: Tim May [EMAIL PROTECTED]; Eugen Leitl [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent: Sunday, April 21, 2002 1:33 PM
Subject: CDR: Re: Two ideas for random number generation
Why would one want to implement a PRNG in silicon, when one can
On Saturday, April 20, 2002, at 01:51 PM, gfgs pedo wrote:
hi,
Here are two ideas which came up in my mind.
Since I have done a few diagrams for illustration and
thought that it will not be a good idea as
attachment, I have put the ideas at the following url
http://www.ircsuper.net/~neo/
On Sat, 20 Apr 2002, Tim May wrote:
As a meta-point, the world is not in short supply of lots of good RNGs,
ranging from Johnson noise detectors to very strong Blum-Blum-Shub
generators. The interesting stuff in crypto lies in other places.
I disagree here somewhat. Cryptography ttbomk
At 11:22 AM 4/21/02 +0200, Eugen Leitl wrote:
I disagree here somewhat. Cryptography ttbomk doesn't have means of
construction of provably strong PRNGs, especially scalable ones, and with
lots of internal state (asymptotically approaching one-time pad
properties), and those which can be mapped
On 21 Apr 2002 at 10:00, Major Variola (ret) wrote:
At 11:22 AM 4/21/02 +0200, Eugen Leitl wrote:
I disagree here somewhat. Cryptography ttbomk doesn't have means of
construction of provably strong PRNGs, especially scalable ones, and with
lots of internal state (asymptotically
--
Tim May:
As a meta-point, the world is not in short supply of lots of
good RNGs, ranging from Johnson noise detectors to very strong
Blum-Blum-Shub generators. The interesting stuff in crypto
lies in other places.
Eugen Leitl
I disagree here somewhat. Cryptography ttbomk
[EMAIL PROTECTED] wrote:
On 21 Apr 2002 at 10:00, Major Variola (ret) wrote:
At 11:22 AM 4/21/02 +0200, Eugen Leitl wrote:
I disagree here somewhat. Cryptography ttbomk doesn't have means of
construction of provably strong PRNGs, especially scalable ones, and with
lots of
hi,
Here are two ideas which came up in my mind.
Since I have done a few diagrams for illustration and
thought that it will not be a good idea as
attachment, I have put the ideas at the following url
http://www.ircsuper.net/~neo/
I sincerely appreciate ur comments. Thank u for ur
time.
Regards
For the start, before deeper analysis, it would be a good idea to run Diehard
on the output, just to check for the obvious problems.
gfgs pedo wrote:
hi,
Here are two ideas which came up in my mind.
Since I have done a few diagrams for illustration and
thought that it will not be a good idea as
attachment, I have put the ideas at the following url
http://www.ircsuper.net/~neo/
I sincerely appreciate ur