[onerng talk] Chaoskey presentation at LCA2017

iang iang at iang.org
Sat Jun 17 09:15:30 BST 2017


Understood what you're asking for but actually it is impossible or 
impractical.

There is no test that can say something is random.  There is a test that 
says, I can't see pattern X.  And there are tests that say we can't see 
patterns X-Z.  That's because of the nature of randomness - it can't be 
predicted therefore you can't predict that it wasn't created.

In more practical terms, take a psuedorandom generator like a cipher, 
and just feed it your known password.  The result is psuedo-random - it 
is guaranteed to show no pattern.  But it's not random because it is 
reproducible by anyone who knows the password.  E.g., a "RNG" could be 
built with a cipher and the key "NSABACKDOOR" and it would always appear 
random but be precisely non-random.

So how do we solve this problem in practice?  We solve it by (a ) using 
multiple sources that are not visible to the same attacker, then (b) 
feeding each uncorrelated source into a "mixer" and (c) feeding the 
output of that into a psuedo-random-number-generator, which generates 
RNs for the user.

http://iang.org/ssl/hard_truths_hard_random_numbers.html

OneRNG the provides a great source to that end, as in practical systems 
we mostly have poor RNGs in the operating system but we can mix in 
additional entropy.

iang


On 14/06/2017 19:35, bsr wrote:
> Post by bsr: Chaoskey presentation at LCA2017: OneRNG Talk: OneRNG
> OneRNG <http://lists.onerng.info>
>
> Photo of bsr <http://lists.onerng.info/p/bsr> 	
> *Chaoskey presentation at LCA2017* 
> <http://lists.onerng.info/r/topic/2fWDsknCPfL2tqPTVsVmlU>
> by *bsr* <http://lists.onerng.info/p/bsr>
> in *OneRNG Talk* <http://lists.onerng.info/groups/onerng-talk>
>
> ------------------------------------------------------------------------
> Very good presentation but I found Keith's comments about testing for 
> randomness a bit disconcerting, specifically how the noisy but 
> non-random image containing Pi passes DieHarder testing. When I look 
> at the noisy image on the right I see three dots with three vertical 
> traces and also a weak horizontal line, although he says there are two 
> dots. The point is that the image is clearly not random upon a quick 
> visual inspection and yet he says when he ran the image through 
> DieHarder it said, "Oh yes, that's completely random". Are there any 
> other (better?) software tools that exist for testing/verifying 
> randomness? It seems to me that this a catch-22. Short of building 
> another hardware entropy generator that we accept as truly random (a 
> reference standard to compare against) how can we verify true 
> randomness? And how would we know our chosen rng standard is truly 
> random to begin with? It seems hardware measuring decay would be truly 
> random but I'm dubious about a fish tank standard - my black skirt 
> tetras are quite territorial ;)
>
> ------------------------------------------------------------------------
> ⮪ Reply 
> <mailto:onerng-talk at lists.onerng.info?subject=Re%3A%20Chaoskey%20presentation%20at%20LCA2017> 
> 🖂 New topic <mailto:onerng-talk at lists.onerng.info> View topic… 
> <http://lists.onerng.info/r/topic/2fWDsknCPfL2tqPTVsVmlU>
> Unsubscribe 
> <mailto:onerng-talk at lists.onerng.info?subject=Unsubscribe&body=Hello%2C%0A%0APlease%20remove%20me%20from%20OneRNG%20Talk%0A%3Chttp%3A//lists.onerng.info/groups/onerng-talk%3E%0A%0AThank%20you.> 
>  • Switch to a daily digest 
> <mailto:onerng-talk at lists.onerng.info?subject=Digest%20on&body=Hello%2C%0A%0APlease%20switch%20me%20from%20receiving%20one%20email%20per%20post%20to%20the%20daily%0Adigest%2C%20which%20summarises%20the%20all%20the%20posts%20made%20each%20day%20in%0AOneRNG%20Talk%0A%3Chttp%3A//lists.onerng.info/groups/onerng-talk%3E%0A%0AThank%20you.> 
>
>
>   * Privacy <http://lists.onerng.info/policies/privacy/>
>   * Acceptable Use <http://lists.onerng.info/policies/aup/>
>   * Terms of Service <http://lists.onerng.info/policies/tos/>
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ourshack.com/pipermail/discuss/attachments/20170617/9df297df/attachment.html>


More information about the Discuss mailing list