anon on rngs

Anonymous (nobody@replay.com)
Mon, 25 Jan 1999 07:31:07 +0100

• Next message: Missouri FreeNet Administration: "A quick Question (Was Re: "Damn Furriners" :-)"
• Previous message: James A. Donald: "Re: Anonymous on RNG's"

At 08:13 AM 1/25/99 +0800, Enzo Michelangeli wrote:
>-----Original Message-----
>From: Anonymous <nobody@replay.com>
>To: CodherPlunks@toad.com <CodherPlunks@toad.com>
>>At 09:40 AM 1/24/99 +0800, Enzo Michelangeli wrote:
>>> Dr M wrote:
>>>>Well, no compressor works on the random bits I get, and it does pass
>>>>DIEHARD, so it's as random as I know how to measure.
>>>
>>>No compressor <<that you tried>>, you mean. But the number of possible
>>>algorithms is infinite, and someone knowing a design weakness could well
>>>exploit it to design a way of reducing the number of equivalent bits.
>D'you
>>>remember the case of Netscape Navigator?
>>>
>>>Enzo
>>
>>While philosophically true, this is garbage. Particularly since Dr. M is
>>using
>>physical source.
>
>
>So? Besides the fact that all sources are "physical" (are there spiritual
>data sources?),

The only real spirits come in glass bottles.

>they may contain biases that make their output somehow
>predictable by someone with sufficient insight; still, the bias may be
>non-linear enough not to show up up in any common statistical test (as,
>e.g., the one from a low-pass filter would, making the noise pink). Here is
>an example: Dr M (or Intel) builds a generator whose output alternates
>between a perfect, quantum-based RNG, and a totally deterministic PRNG.
>The output is still statistically perfect, but those who know the design
>may forecast half of the bits; the entropy is not higher than 50% of the
>bit rate.
>
>Enzo

Precisely why, if I were a major bank, I'd employ a chip-stripping lab
to verify that there was no such extra circuitry on a random sample
of the part I bought.

You can, on the output side, hide such miscreancy, as you point out,
but you can't hide it when you're looking at an implementation and
can account for what all the atoms are doing.

Admittedly, if They can get to your Closet and replace chips in
your Box, all hope is abandoned here. But, as a skeptical empiricist,
I'd love to learn of something better than COTS reverse engineering...

The alternative to dedicated H/W is trusting *all* your S/W...

-Anon.

• Next message: Missouri FreeNet Administration: "A quick Question (Was Re: "Damn Furriners" :-)"
• Previous message: James A. Donald: "Re: Anonymous on RNG's"