VIA C3 Random Number Generator Reviewed

An anonymous reader writes "VIA has added a hardware random number generator to its Nehemiah C3 CPU. I found a recent review of its security. Interesting how it's done at the instruction level as opposed to the chipset level used by the i810 RNG (also reviewed there)."

Finally

[kaamos]

I've been wanting to replace that Ti-80 that generated completely random 0-1 numbers.

Hell, I couldn't even predict what would come next

Oh wait...

Re:Finally

[eenglish_ca]

I had the worst experience with my Ti-83. It was a bit cold one morning and while using the "Rand" function on the calculator which generates fp(0.2345432) random numbers I got 10 complete "0"s in a row. HTW is that possible?

Re:Finally

The snow kept the noise down. *L*

Re:Finally

"I had the worst experience with my Ti-83..."

Dude, You REALY need to get out more.

-Greg

Re:Finally

Contrary to popular perception, it's actually not all that non-random to get a string of numbers in a row. There was a story about a guy at Bell Labs who built a machine who could guess what numbers you were going to pick "randomly" (actually, I think it had to do with coin tosses). It did better than 50/50, which was seemingly proof that it could read your mind. But of course, the real thing is that humans aren't random, and suck at picking random numbers.

Although now that I think about it a bit more, being familiar with that particular rand function, it does seem a bit odd.

Re:Finally

[caluml]

Sounds perfectly random to me.

It's like people that would be surprised if the lottery results were 1, 2, 3, 4, 5 and 6. "That's not random, is it?", they'd cry. It's just as likely as any other combination.

Re:Finally

Not true, If the numbers were 32 bit floating point then the probability of getting 10 0's in a row is 2^320, which is about 10^96, there have been of the order of 10^17 seconds since the universe began, so the probability of anyone, anywhere, anytime getting that sequence is vanishingly small.

Re:Finally

[archeopterix]

Not true, If the numbers were 32 bit floating point then the probability of getting 10 0's in a row is 2^320, which is about 10^96, there have been of the order of 10^17 seconds since the universe began, so the probability of anyone, anywhere, anytime getting that sequence is vanishingly small.

In fact, the probability of getting any sequence is equally small, and yet a sequence will get picked, so we obtain an almost improbable event with probability 1 :-)

Re:Finally

[CaseyB]

But if we extend the "probability analysis" outside the RNG itself, we can ask the question, "Is it more likely that the 10 zeroes were randomly chosen, or that they were the result of a flaw in the RNG?". While it's a valid random number, the fact that it's a boundary value is cause for suspicion of the technology.

Re:Finally

"While it's a valid random number, the fact that it's a boundary value is cause for suspicion of the technology."

Why?

Stewardess: "Chicken or beef?"

Passenger: "Chicken"

Stewardess: "Chicken?!?! NOBODY orders the chicken!" (head explodes)

Imagine a Beowulf cluster of these...

[Lethyos]

...generating huge cryptographically strong random numbers. I wish more companies would add hardware like this because a good source of entropy is becoming increasingly important in the world. Weak random numbers can reduce the strength of most crypto systems and we need all the privacy we can get in the US today.

Re:Imagine a Beowulf cluster of these...

[cpeterso]

or imagine a giant P2P random number generator, something like Linux's entropy pool, but across many nodes. The problem with this is that you cannot trust external sources for input, but perhaps you could "cross the streams" and safely mix them?

It reminds me of Random.org, a web site/service that generates random numbers for you. I think they even sell CDs of random numbers.

1. Random numbers
2. ???
3. Profit!!!

Re:Imagine a Beowulf cluster of these...

[Some+Dumbass...]

...generating huge cryptographically strong random numbers.

Good idea. It's getting late, and counting sheep doesn't work too well. ;)

Re:Imagine a Beowulf cluster of these...

It's amazing how these things get modded up. This guy just strung together a bunch of nonsense and got a +5 for his trouble. Looks like his CPU comes with a random Slashdot post generator as well.

Re:Imagine a Beowulf cluster of these...

[kasperd]

perhaps you could "cross the streams" and safely mix them?

In fact I have recently been working on some code doing something similar to that. Unfortunately the time complexity is quadratic, and I'm afraid it cannot be done any faster. If you want to work with megabytes of random bytes, quadratic time complexity is going to be a pain.

Re:Imagine a Beowulf cluster of these...

[kinko]

One of the replies to your post got me thinking... if this *was* used for cryptography, perhaps it would be possible to compromise the encryption by adding a strong electro-magnetic force to bias the hardware?

For example, DRM encrypting stuff on your box, or perhaps placing a magnet or something in someone else's computer...

Remember, hardware can be compromised too!

Re:Imagine a Beowulf cluster of these...

[dnoyeb]

I don't feel you. Does weak mean predictable? I just never understood the quest for *more* randon numbers. Practically, random is random!

How can one possibly predict the number a weak random number generator will create!?

Re:Imagine a Beowulf cluster of these...

[jafuser]

I think we have already learned from a popular 80's movie that it's really *bad* to "cross the streams"...

Also, if someone asks if you're a god, you say "YES".

Re:Imagine a Beowulf cluster of these...

[jafuser]

Could you execute a specific series of CPU instructions so that you create EM patterns to introduce a bias?

Re:Imagine a Beowulf cluster of these...

[Jonathan_S]

I don't feel you. Does weak mean predictable? I just never understood the quest for *more* randon numbers. Practically, random is random! How can one possibly predict the number a weak random number generator will create!?

Random is the hoped for result of a random number generator, it is not guarinted. Weak RNGs can fall into patterns, so that after observing their output you for a while you can begin to make good guesses about upcomming numbers.

An example of a weak non-deterministic RNG would be if you used the full temperature of you processor as an "random number" (clearly this is a stupidly extreme case), if you watch the temp for a little while you would notice that it really doesn't change very much and additionally you can guess how much it is going to change based on what the computer is doing at the moment.

For an example of weak deterministic random number generators I would point you to the page on TCP/IP Sequence numbers for various operating systems that Slashdot linked to a while back. You can see the "random number" output of many of the generators fall into clear patterns in the pictures.

Calling something a random number generator doesn't mean that the numbers is generates are very random.

Re:Imagine a Beowulf cluster of these...

[dnoyeb]

I think I get it now. For security purposes the random is fine. But from say gaming purposes where one may generate a new rnd number every 100ms, it must be truly random or people will eventually see long term patterns.

Re:Cool but...

[eenglish_ca]

How can anyone use an incomplete cpu without a math coprocessor? That is the heart of the functionality of any cpu.

Artificial Intelligence vs Artificial Stupidity

[stonebeat.org]

If a machine can not generate a truly random number (not seed based), and is not turing complete, can it be called Artificially Intelligent?

Re:Artificial Intelligence vs Artificial Stupidity

[the_2nd_coming]

I can show you a few people that cannot even meet those criteria :-D

Re:Artificial Intelligence vs Artificial Stupidity

And yet according to Heisenburg nothing can ever be truely known.

Re:Artificial Intelligence vs Artificial Stupidity

[ddd2k]

Aye, but nothing can be truly random
Actually, if Heisenburg theory of uncertainty holds true, which is supported by the unexplainable phenomena of singluar photon diffraction, random numbers are totally possible at the sub-atomic level and are not difficult to manipulate. This article hardly touches on how the numbers are generated, which lends me to question how valid this technology actually is.

Re:Artificial Intelligence vs Artificial Stupidity

[jmv]

Actually, I've heard of some experiment where people were asked to fake a "coin tossing session" and write down the results. Generally, you could tell it's fake because when "generating random numbers" people tend not to repeat sequences.

Re:Artificial Intelligence vs Artificial Stupidity

Incorrect. Heisenburg states that either location or velocity can be determined to an arbitrary level of accuracy, but increasing the accuracy of one measurement decreases the accuracy of the other.

In theory, you could know the exact location of a particle, but nothing about its velocity.

Re:Artificial Intelligence vs Artificial Stupidity

[NonSequor]

I believe my information theory professor said a good cut-off to decide whether a sequence of results from 100 coin tosses was produced by experiment or by a human is to check if one result occurs six or more times in a row. If such a repetition is there, it wasn't likely to be generated by a human, unless they know about this criterion of course.

Re:Artificial Intelligence vs Artificial Stupidity

[moonbender]

The guy's name is Heisenberg. Sorry for nitpicking, but three posts in a row mispelling his name is a bit too much. The school I went to was named after him, incidently.

Re:Artificial Intelligence vs Artificial Stupidity

[AndrewRUK]

Except that we always know something about it's velocity, because that must be less than c.

Re:Cool but...

[Angry+White+Guy]

A Floating point co-processor. There was a review of a laptop built on the VIA, ran linux, priced for $700.00. Good for anything but compiling, cad, etc. The chip could not handle floating points efficiently.

The Prototype:

[ihatewinXP]

Was just some guy they trained to sit there and yell numbers at them.

Developer: Hey! Gimme a number!!!

Idiot in corner: uh Seven boss!

Re:The Prototype:

[rcamera]

interestingly enough, the 'idiot in corner' chose the most predictable 'human random' number (of 1-10)

Re:The Prototype:

[Steven+Blanchley]

Interestingly enough, when asked to pick a number from 1 to 10, more people seem to pick 7 than anything else. My source is an unscientific poll, but I trust its general accuracy because I have noticed similar results myself. 7, 4, 5, 6, 3, 8, 2, 9, 10, 1. While the differences among 3, 4, 5, 6, and 8 could be off and the order of those probably cannot be trusted, 7 is definitely picked much more often than any of those five, which in turn are more likely picks than the four nearest either of the extremes.

It isn't just one to ten either; I've noticed that when you ask people to pick a number from N to M, where N to M are relatively close together, a particular answer seems to come up more often than others; for example, 12 comes up often among numbers from 1 to 15. Can anyone suggest an explanation for this?

Re:The Prototype:

Or if you're a smartass mathematician like me, when someone asks you to pick a number between 1 and 10, you'll say Pi. Hey, they didn't say a natural number...

Re:The Prototype:

[Steven+Blanchley]

Or if you're a really smartass mathematician like me, you'll say 'integer,' because every integer from 1 to 10 is also a natural number, and you can save two syllables by saying integer instead!

Re:The Prototype:

One syllable ;) I pronounce natural 'natch-rul' not 'nat-u-ral'

Re:The Prototype:

[pkunzipper]

Actually..three syllables: na-tu-ral

Re:The Prototype:

[DJPenguin]

I believe it has to do with Phi, or the golden circle ratio - it's part of what "proportions" are most pleasing to humans. We don't like the middle of a set of numbers, we don't like the ends.

One of my teachers demonstrated this once, by drawing a line on a piece of paper. He asked us all to mark along the line wherever we wanted, and most of the marks were like this:

Stupid cocking lameness filter. Well suffice it to say the marks were usually about 70% along the length of the line, or 30%. Never 50%,0,100...

Re:The Prototype:

[be-fan]

Also, there is a guideline in art saying that humans find it most pleasing when important demarcations (horizons, fences, tree-lines, etc) occur 1/3 or 2/3s of the way on an axis rather than in the middle or at the edges.

Re:The Prototype:

[Bob+Uhl]

Thos marks weren't at 70% or 30%, most likely: they were at 2/3 and 1/3. These are non-terminating in our half-assed decimal notation. OTOH, in duodecimal (aka dozenal) they are 0.4 and 0.8. In fact, in dozenal the only low-divisor fractions which are ugly are 1/5 and 1/10. 1/7, FWIW, works out to 0.186 exactly.

Duodecimal notation is far superior to decimal, and the world should convert to it. It won't, of course, but that makes it no less superior.

It also has the pleasing effect of revealing the ugliness inherent in French units.

Re:The Prototype:

Na-tu-ral Num-ber (5)
In-te-ger (3)
---
Difference: 2

You don't say "Integer Number." That's just stupid.

News Release

VIA Launches Seventh Generation 'Nehemiah' CPU Core, the First x86 Processor to Market with Embedded Security Features

Combining an integrated PadLock(TM) Data Encryption Engine with a wealth of enhanced performance features, the new generation VIA C3(TM) provides the lowest power native x86 platform for the fast-growing market of connected PCs and home entertainment centers

Taipei, Taiwan, 22 January 2003 - VIA Technologies, Inc., a leading innovator and developer of silicon chip technologies and PC platform solutions, today announced its new generation VIA C3(TM) processor integrating the 'Nehemiah' core. With its powerful PadLock(TM) Data Encryption Engine, this next generation VIA C3 is the first native x86 processor on the market with embedded security features that enhance the protection of sensitive corporate and personal data.

Available now at a speed of 1GHz, the new processor core is based on an advanced new CoolStream(TM) processor architecture that delivers all the necessary performance for running even the most demanding digital media applications while maintaining ultra low levels of power consumption and heat dissipation.

"The launch of the seventh generation VIA C3 processor extends our leadership in enabling the development of secure, quiet-running small form factor system designs for a rapidly growing number of exciting new lifestyle and productivity applications such as home digital media entertainment and connected computing," commented Paul Hsu, Executive Assistant to the President and Head of VIA's CPU Business Unit. "Integration of embedded security features in the processor provides the most robust and cost-effective solution for addressing the increased demands among individuals, businesses, and government organizations for enhanced authentication and protection of their data in today's connected world."

PadLock(TM) Data Encryption Engine
The PadLock Data Encryption Engine has been integrated into the new generation VIA C3 processor to ensure greater confidentiality, integrity, and authenticity of electronic data either stored in the computer or transmitted over a network or the Internet, and enables a host of powerful new security applications, including heavy-duty data encryption and safer online transactions.

At its heart is an advanced Random Number Generator (RNG) that uses random electrical noise on the chip to securely produce random number values, and features a direct application level interface through a new x86 instruction. Developers can obtain random numbers directly from the hardware without having to use separate software drivers, thereby providing an inherently more secure and efficient solution than combined hardware/software RNG architectures. The RNG includes several operating modes, offering performance from 750K bits per second to as high as 6 million bits per second.

"VIA's incorporation of a hardware random number source on the processor die is exciting for developers, since it provides a simple and effective way of obtaining high quality randomness. This is particularly important for security and cryptography applications, since it is notoriously difficult to generate random numbers of adequate quality without a hardware random number generator," said Paul Kocher, President of Cryptography Research, Inc. and co-inventor of SSL 3.0. "I am enthusiastic about the benefit to applications such as secure web browsing, cryptographic key generation, and protocols where randomness is required."

CoolStream(TM) Architecture
Based on the advanced CoolStream architecture, the new generation VIA C3 processor has a highly efficient design that, when coupled with the VIA Apollo CLE266 chipset, delivers performance increases of up to 20% over the current version of the VIA C3 processor in mainstream productivity applications and up to 73% for 3D graphics applications, while continuing to deliver the same benefits of low power and minimal heat dissipation.

New performanc

Testing bittorrent

[Pathwalker]

I'm playing around with bittorrent.

As a test, I put the PDF file of the review of the hardware RNG up here (The summary is here).

If you have bittorrent installed, feel free to try to download from me.

Re:Testing bittorrent

[khuber]

It worked -- thanks!

-Kevin

Comment removed

[account_deleted]

Comment removed based on user account deletion

Cant the randomness be predicted?

[happyhippy]

"At its heart is an advanced Random Number Generator (RNG) that uses random electrical noise on the chip to securely produce random number values" If you keep inputting the same electrical signals (thus the same paths are taken) can you deduce the algorithm and thus crack the encryption scheme it supplies?

Re:Cant the randomness be predicted?

[jmv]

No. Generally the idea of devices is just to amplify thermal noise. Thermal noise is produced at the microscopic level with atoms bouncing into each other. There's no way to predict that... unless you tap directly into the generator (in which case it's simpler to just get the data on the computer before it's encrypted).

Re:Cant the randomness be predicted?

[worst_name_ever]

Presumably not, or else it wouldn't be a very good random number generator.

What I'm interested in is whether or not there is any way for crosstalk from the zillions of other high-speed signals elsewhere on the chip to have any real influence, however slight, on the operation of the random number generator... if so, I wonder how long before the hax0rs will be trying to 0wn my RNG by writing fiendishly clever patterns out onto the address bus.

Re:Cant the randomness be predicted?

[happyhippy]

Damn it, forgot to insert a new paragraph tag.

Thinking about it more, why dont they simply use the random electrical noise level for the random number?
And isnt there a limited range of 'random' noise that can occur?

Re:Cant the randomness be predicted?

[plover]

The input is not supposed to be determined by the current state of the processor (insert obligatory Knuth state-of-sin joke here.) Their design consists of a set of freewheeling* oscillators: a ~600MHz oscillator that is then further "jittered" by a ~450MHz and an ~810MHz oscillator, sampled by a much slower ~30MHz oscillator. Their engineers assume that manufacturing variances, temperature, current processor state and other external factors will all contribute to this jittery response.

* Freewheeling means that these oscillators are not tied to a crystal, and the frequency they oscillate at is not precisely locked at any exact rate (as would be the case if it employed a crystal.) These minute variations in frequency are the source of entropy the chip designers are actually gathering.

The sampled bits are then "whitened" to reduce biases, and the whitened bits are stored in a FIFO queue until used.

The paper in the article explains all this, and it talks about a couple of other cool cryptogeek features. You can change the bias voltage via CPU instruction (which would affect the jitter,) but each request of "randomness" comes with a pedigree indicating what bias settings were used! Finally, Cryptography Research's testing showed that they believe the chip (with whitening enabled) is capable of generating bits with an entropy of 0.99 bits/output bit, although they recommend trusting only a conservative entropy factor of about 0.75 bits/output bit. And since it generates bits at a rate of 30-50 million bits per second, most applications can probably afford to throw away a few in the name of entropy.

Re:Cant the randomness be predicted?

[jihema]

> insert obligatory Knuth state-of-sin joke here. That was John von Neuman.

Re:Cant the randomness be predicted?

If it works like that, it can probably very easily be tricked into producing nonrandom numbers by inserting HF energy at these frequencies.
(i.e. put a transmitter nearby)

Re:Cant the randomness be predicted?

[plover]

If it works like that, it can probably very easily be tricked into producing nonrandom numbers by inserting HF energy at these frequencies. (i.e. put a transmitter nearby)

Yeah, there probably is an external way to "reduce" entropy (other than by using the provided mechanism to alter the oscillator bias voltage.) But that will require an attacker to have physical access to the machine, and enough time on it to sample the effects of his change in order to see what's happened because of it. Since these chips are already varying their oscillation rates due to manufacturing tolerances, heat, etc., just having one oscillator lock-up with a randomly placed attacking transmitter might not throw the chip off in a predictable manner (or at least in a manner that would be meaningful to an attacker.)

Re:Cant the randomness be predicted?

[theendlessnow]

Engineer#1: Man, this is one noisy chip. No one will buy this. Can't believe we messed up. We're gone for sure.

Engineer#2: Wait a minute... I have an idea...

Obligatory Dilbert Quote

[snillfisk]

ok, i couldnt find the original strip, but here goes from memory:

accounting troll: this is our random number generator
troll: 9
troll: 9
troll: 9
dilbert: are you sure that's random?
accounting troll: thats the problem with randomness, you really can't be sure.

.. and maybe that holds for your calculator too :-)

Re:Obligatory Dilbert Quote

[cscx]

That one graced my cubicle wall when I worked last summer... I still have the clipping somewhere... gotta find it!

Re:Obligatory Dilbert Quote

[ottffssent]

You *can* be sure whether it's random or not. "999" is not random. It may very well be randomly-generated, but that's not the same thing at all.

Of course, it's not that simple either:

If I have a RNG that spits a long string of the same number. Is the string random? Well, not really. So I take the string, and make sure it has the same number of each digit in it. But 1111222233334444 isn't random either, so now I make sure the same number of each pair occurs, so we've got as many 12s as we have 21s. 1234321234321234 still isn't random, so we check 3-digit sets. And at the end, I'm left with a string that is random, right? Well, it has known properties, namely that it has the same number of each digit (+-1), the same number of each pair, etc. So that's not random. But what about the original string of 8s? That's clearly not random. So what to do?

Re:Obligatory Dilbert Quote

[MisterFancypants]

You *can* be sure whether it's random or not. "999" is not random. It may very well be randomly-generated, but that's not the same thing at all.

I guess they don't have humor where you come from.

Re:Obligatory Dilbert Quote

[evilviper]

Random does NOT mean average. Something like flipping a coin is (almost) random... And as anybody knows, you can certainly hit tails 500 times in a row if you are LUCKY.

Re:Obligatory Dilbert Quote

[Ed+Avis]

"999" is not random.

In that case, 415 is not random either, nor is any other three-digit number. Or would you care to name the numbers in [0,1000) which you consider 'random'? Surely a random number generator is just as likely to generate 999 as 415 or anything else.

Re:Obligatory Dilbert Quote

[trezor]

In norwegian the strip is located in my Dilbert-archive.

Ofcourse I got an English archive as well, for you Dilbert fans out there!

Re:Obligatory Dilbert Quote

[oever]

Here it is.

Re:Obligatory Dilbert Quote

When you aer performing a trial like this you are testing the hypothesis that the coin was biased(weighted to one side for example). If you got tails 500 times in a row you would have to conclude that the coin was biased, it is unlikely that anyone has ever gotten 500 tails in a row with an unbiased coin.

Re:Obligatory Dilbert Quote

[evilviper]

If you got tails 500 times in a row you would have to conclude that the coin was biased,

And if you can thoroughly check the coin to ensure it is NOT biased?

it is unlikely that anyone has ever gotten 500 tails in a row with an unbiased coin.

Unlikely is exactly right. It is not impossible. If any sequence is impossible, or any more likely than another, it would not be random. So, it's just as likely that you will get 999999 as 123456 or 274579, or any other combination with the same numer of digits.

Re:Obligatory Dilbert Quote

How can you thoroughly check the coin, except by testing it over a large number of coin tosses?
But the point is those other sequences would not be caused by a biased coin (in a simple way), whereas something like 500 heads in a row would. I'm not saying you could certainly know that it was biased, but the probability that the coin was biased, or that there was a problem in the random number generator, would be much lower than the prob of getting that particular sequence.

Re:Obligatory Dilbert Quote

[radish]

The order in which the balls come out of the lotto machine is (afaik) random. However, the sequence 1-2-3-4-5-6 is just as likely to come up as any other. Does that mean it's not random? No.

One of the few accepted truly random physical processes is radioactive decay. It is however completely possible that 4 decay events occur, each exactly 2 seconds apart (for instance) - it doesn't mean our radioactive sample has suddenly broken the laws of physics.

Your arguments are frankly bizarre, as determing randomness on such a small sample size is impossible. As your sample size increases you can examine the statistical distribution of values, and come to a (increasingly certain) conclusion on the probability that the thing generating those values is truly random, but (IMHO) you can never be sure.

Re:Obligatory Dilbert Quote

[Spunk]

The hardware guy here in charge of our RNG has this hanging on his wall. Very appropriate :)

Re:Obligatory Dilbert Quote

[heffrey]

If any sequence is impossible, or any more likely than another, it would not be random.

Sorry to be a total pedant but this should read "If any sequence is impossible, or any more likely than another, it would not be uniformly distributed." A biased coin is an example of a random process for which some outcomes are more likely than others.

Re:Obligatory Dilbert Quote

[Threni]

I guess they don't have humor where you come from.

Or math lecturers.

Re:Obligatory Dilbert Quote

[evilviper]

A biased coin is an example of a random process for which some outcomes are more likely than others.

If the coin is biased, the process is not random.

random
3. Of or relating to an event in which all outcomes are equally likely

Re:Obligatory Dilbert Quote

[heffrey]

You should have included the entire dictionary.com entry which reads:

1. Having no specific pattern, purpose, or objective: random movements. See Synonyms at chance.

2. Mathematics & Statistics. Of or relating to a type of circumstance or event that is described by a probability distribution.

3. Of or relating to an event in which all outcomes are equally likely, as in the testing of a blood sample for the presence of a substance.

So, your statement "If the coin is biased, the process is not random." is contradicted by definition 2. In fact definition 2 and 3 contradict each other.

Mathematicians, probabilists and statisticians do indeed take the view expressed in definition 2 - random processes have outcomes which are more likely than others.

Truly Random Numbers

[polv0]

The ideal source for random numbers has always been physical sources, such as the white noise you see on your television screen when tuned to an unused channel. The noise is generated by remnants from the big bang, and is cryptographically unusable (since the numbers are recordable by anyone). But is a good test for statistical algorithms such as evolutionary computation (which depend on randomn initial states).

The idea of using electrical currents secured on a chip is much sounder - since the noise is locally generated and very difficult to tap. I project that as quantum mechanics become more mainstream, the random quantum effects of electrons will be tapped to generate even sounder and accessible random signals.

Re:Truly Random Numbers

[happyhippy]

I read that only like 5% of a static TV screen is the remenants of the big bang.

Re:Truly Random Numbers

The ideal source for random numbers has always been physical sources, such as the white noise you see on your television screen when tuned to an unused channel. The noise is generated by remnants from the big bang,....

Geez, you will think of anything to provide more "evidence" for the Big Bang won't you? How is it remnants of the Big Bang when each channel is a differnet frequency and that background radiation operates only on 1 frequency? Let alone the fact that it operates in the microwave range of the spectrum (and with a lot less power than a microwave oven).

No, that white noise on your tv is not 15 billion years old and from the Big Bang.

Re:Truly Random Numbers

[John+Miles]

The noise is generated by remnants from the big bang

A myth, for the most part. It's generated primarily in the front-end amplifier of the TV tuner by virtue of the fact that its temperature is above absolute zero.

All dissipative (resistive) elements, whether active or passive, generate thermal, or Johnson, noise. The noise power is expressed in watts as
Pn=KTB, where K = the Boltzman constant, T is the temperature in degrees Kelvin, and B is the bandwidth you're looking at. TV signals occupy several megahertz' worth of bandwidth, so even the smallest amount of noise in the front end will dominate the noise from atmospheric and celestial sources.

You can prove this by disconnecting the antenna. Even if you short the TV's antenna terminals with a paper clip, neither the audio nor the video noise will change much.

Re:Truly Random Numbers

How is it remnants of the Big Bang when each channel is a differnet frequency and that background radiation operates only on 1 frequency?

Are you trying to say the big bang was an exclusive, only available on NBC?

Re:Truly Random Numbers

[brokenbeaker]

There are also things like cosmic rays, which do come from outer space, but are produced in extreme events post-big-bang, such as novae, collapsars etc.

Re:Truly Random Numbers

[metalhed77]

yes, but isn't hte front end amp of the tv tuner just a remnant of the big bang?

Re:Truly Random Numbers

ooohhhhh.... deeeepp....

Where are my mod points?

Re:Truly Random Numbers

I disagree.

According to my prophesor, XN^v(1/3)/10^7=BAHC+c represents the best entropy. Where;
X is the resonation wavelength of an Xylophone of your choice,
N is the distance of a Nudie Bar from where you are at,
v is the number of vaginas in a meat^H^H^H^Hgirl's P.E. locker
B is the ammount of Bitches in your favorite Shakespear book
A is the length of your girlfriends ass-crack in centimeters,
H is the number of pet hamsters your gay English teacher has in is classroom
C is the duration of your Cock's hard-on after seeing Daphne and Scooby-Doo have gentle dogsex
c is the ammount of crap you see on slashdot, not counting this post.

And there you have it, from the words of my prophesor, Peter Goatse.

Re:Truly Random Numbers

[utexaspunk]

you made me smile. if i had mod points, you'd get 'em.

Re:Truly Random Numbers

[jafuser]

And the other 95% is from where?

Electromagnetic radiation from satellite debris?

Re:Truly Random Numbers

[p3d0]

Nice.

Re:Truly Random Numbers

It comes from people who don't read before commenting.

Randomness

[Viral+Fly-by]

Isn't it interesting how much importance we place on quote unquote "true" randomness of numbers? We expect (or at least hope that) a computer can generate random numbers time and time again without fail...

But any human being would prove horrible at such a task... In fact, if you ask a human being for 3 random numbers, odds are very good that they will give you at least two sequential ones...such as 7 6 2...or 5 9 8...

I guess that's the point of computers though...if we could all calculate as fast as a computer, process data as fast as a computer, and perform other tasks as fast and as well as a computer, we wouldn't need computers, now would we?

Random number generation is an interesting topic though because it is often seen as a fault of computers... People claim that computers are "incapable" of generating random numbers. So are human beings... I can understand a computer not being able to store a floating point number with a hundred digits after the decimal point being considered a fault, because FEASIBLY a human being COULD perform the operations and have the value exact out to a hundred decimal places. But with random numbers...a human couldn't do it even remotely as well a computer can, so why is it considered such a weakness of computers? Maybe the power of computers to break their own codes because numbers aren't truly random is the reason they are sought after in the first place.

Re:Randomness

Very true. Human brains can also be tricked easily

Example - If I ask you to "Pick a number between One and Four" about 90% of people will pick Two or Three.

However, if I instead phrase the question "Pick a number from One To Four" about 90% of people will pick Three.

Why? I verbalised the numbers One and Four, but also Two (To, Two, same thing) and the human brain trying to be random picks the one that wasn't mentioned.

Don't believe me? Try it on your friends.

Re:Randomness

Example - If I ask you to "Pick a number between One and Four" about 90% of people will pick Two or Three.

What, are the other 10% not listening to the question?

Re:Randomness

[brokenbeaker]

Actually, computers do not produce random numbers at all. They can only provide pseudorandom numbers. These are outputs of algorithms, but any sequence of such numbers is hard to predict unless you know the algorithm and a seed number used to generate the first number in the series.

Re: Randomness

[Omniscient+Ferret]

In fact, if you ask a human being for 3 random numbers, odds are very good that they will give you at least two sequential ones...such as 7 6 2...or 5 9 8...

I'd expect 1 in 3 odds of that happening anyway.

Re:Randomness

[Ptahian]

Here's 3 random numbers:

765,689,45,690,845,986,049,586,049,586,123,132,1 23 ,123,123,123,123
92,348,670,149,852,346,908,234,9 82,548,962,349,678 ,678,678,678,678,678
2,490,290,639,086,436,402,45 6,740,293,475,000,000, 000,000,000,000,000,000,000,000,000,000

-Ptahian

Re:Randomness

Some cosmic rays have apparently interacted with the slashdot server, moderating this drivel to (5, Insightful), obviously completely at random.

Re:Randomness

[Zaak]

Actually, computers do not produce random numbers at all. They can only provide pseudorandom numbers.

The whole point of hardware random number generators is to surpass the limitations of psuedorandom number generation algorithms. By periodically feeding thermal (or better yet quantum) noise into the pseudorandom seed you can get very good quality randomness.

TTFN

Re:Randomness

[MrMickS]

But any human being would prove horrible at such a task... In fact, if you ask a human being for 3 random numbers, odds are very good that they will give you at least two sequential ones...such as 7 6 2...or 5 9 8...

With a true random number generator then the pool of numbers is not altered by a pick. Consequently every possible number within the indicated range should have an equal chance of selection at each request for a new number. Under these rules a sequential number, or indeed the same number again, is equally as likely for the second request for a number. You are placing non-random constraints on the generator.

Re: Randomness

[Kalani]

Why 1 in 3?

Assume we're picking random integers and you've just picked N. So what's the probability of picking (N - 1) or (N + 1)? Well it depends on the range from which you pull random numbers and on whether or not N is at a extrema of the range. For a range starting at R[i] and going to R[f] (assuming (R[f] - R[i]) >= 2), the probability P that you'll pick a "sequential" value is: P = 2 / (R[f] - R[i]) iif R[i] N R[f]. Otherwise P = 1 / (R[f] - R[i]).

Re:Randomness

You also asked a *different* question. A lot of people would view the first as exclusive, and the second as inclusive. Thus, you've changed the pool of choices and the fact that 90% choose either 2 or 3 is meaningless, since those would be the only correct answers.

Re:Randomness

[invi]

In fact, if you ask a human being for 3 random numbers, odds are very good that they will give you at least two sequential ones...such as 7 6 2...or 5 9 8...

Well, if every tripple of digits would be different from all the previous tripples, the entropy of the 1000th tripple would be pretty low, because it's got to be the remaining one, right? :)

Re:Randomness

[Alpha_Nerd]

I guess that's the point of computers though...if we could all calculate as fast as a computer, process data as fast as a computer, and perform other tasks as fast and as well as a computer, we wouldn't need computers, now would we?


We need computers for porn. Nothing could ever possibly substitute computers in that regard.

Re: Randomness

[dave_f1m]

I'd expect he was considering (9,0) and (0,9) to be sequential. So 1-(1-((10-2)/10))^2 = .32 - or approx. 1/3.

- dave f.

Re:Randomness

[dunkstr]

But any human being would prove horrible at such a task... In fact, if you ask a human being for 3 random numbers, odds are very good that they will give you at least two sequential ones...such as 7 6 2...or 5 9 8...

Yes, but the odds that a truly random process would do the same thing is just as high. The chances you DON'T select two consecutive numbers are 10 (first digit) x 8 (second digit) x 8 (third digit) = 640. Thus you have a 36% chance of picking to sequential numbers.

If you want to get rid of dupes as well you have 10x7x7 = 490. Thus a 51% chance you would pick a "non-random" number! I think the problem with people's random numbers are that they go out of their way to avoid such sequences.

Re:Randomness

[poot_rootbeer]

if you ask a human being for 3 random numbers, odds are very good that they will give you at least two sequential ones...such as 7 6 2...or 5 9 8...

A single number in isolation cannot be random. It's the sequence of numbers that determines randomness -- if the sequence can be predicted, they are not random.

I think you're confusing 'sequential' with 'consecutive'. What number comes after '7,6,2'? Can you guess?

Re:Randomness

People claim that computers are "incapable" of generating random numbers. So are human beings...
I can flip a coin; my computer can't. Of course flipping coins isn't completely random, but with a bit of practice it's random enough for use in cryptography for sure.

Of course I suppose technically someone could build a coin-flipping robot arm for the computer, but that would just be silly.

Re:Randomness

[FryGuy1013]

I think you're confusing 'sequential' with 'consecutive'. What number comes after '7,6,2'? Can you guess?

4

Re: Randomness

[Omniscient+Ferret]

What Dave said. I considered 0 & 9 to be sequential because it made the math cake: the odds were 0.8 * 0.8 that the numbers wouldn't be adjacent, or .64. If I had some paper around, I'd work out the odds, but it's easier here to run a couple of scripts to list 000 to 999 & cull out 01, 12, etc: .326 if you don't count 0 & 9 as adjacent, .36 if you do.

Hm. It's probably best that I did the empirical list; math-wise, I'm staring at odds of 0.3276 (1-((.8*.8+.2*.9)^2)) and wondering what I'm forgetting.

A Better System

[lommer]

would be to use radioactive decay to generate random numbers. Very easy to implement using existeng technology, one of the few things that is completely random, and it's infinitely scalable to boot. A system I envision would simply moniter a radioactive sample for 1000 milli or micro seconds. Every sample time, it would record the number of fission events and if even, turn a bit on, if odd, turn the bit off. Then withing the space of a second you have a 1000 bit-long number that is COMPLETELY random.

With this system perhaps it's possible to emulate the electric fields that generate the random number. Admittedly, with any complexity at all (as in a chip) this becomes impractical to do, but hey, why go for almost random when you can have truly random?

Re:A Better System

[gordyf]

I was under the impression that the problem with a system like you described, is that after a geiger counter detects one event, there's a short period of time during which it's unable to detect another. That limits the entropy of the events and the speed at which you can pull random data from it.

Just a thought.

Re:A Better System

[Christopher+Thomas]

A better system would be to use radioactive decay to generate random numbers. Very easy to implement using existeng technology, one of the few things that is completely random

Your proposed method would be slightly skewed, as the half-life of the material would give you an "expected" number of events in your sampling period, which would cause the result to lean towards either even or odd. The effect would be small, but present.

An alternative approach is to have two detectors, and see which one triggers first. While that method would have no systemic bias, removing intrinsic bias from differences in the samples would be difficult.

The system in the new C3 chip, though, is also completely random if they designed it well (i.e. amplified thermal noise and rejected other noise sources). You have biasing problems, as with any other system where matching is important, but these can be overcome. Noise injection from other parts of the system is the thing to watch out for here.

In summary, purely electrical random number generators can be just as random as your proposed scheme, and your proposed scheme is not significantly easier to implement.

Re:A Better System

they have this .. you can buy a card for your PC. Be prepared to pay a lot of cash for your paranoia.

Re:A Better System

[Sevn]

The beautiful thing is that nothing is truly random
at all. It's a convenience to think that way.
Eventually everything will get cracked down to
accurately predicting the paths of atomic particles
in decaying radioactive substances.

Re:A Better System

intrinsic bias?

use one sample, two detectors, one on the top and another on the bottom, AFAIK what triggers one can't trigger the other, esp if the sample emits beta instead of gamma rays.

Re:A Better System

god really doesn't play dice with the universe?

Re:A Better System

[plover]

John Walker's HotBits already compensates for the slow decay bias by alternating the meaning of 0 or 1 between each event. But as a previous poster mentioned, he has to power the geiger counter tube down when not used in order to reduce saturation problems when the gas becomes completely ionized.

I don't know that the random number generator that they've described could ever be "just as random" as radioactive decay, but it looks like it can probably be made "good enough."

Re:A Better System

Along similar lines, a system using visual noise rather than radioactive...

Re:A Better System

[Christopher+Thomas]

intrinsic bias?

use one sample, two detectors, one on the top and another on the bottom, AFAIK what triggers one can't trigger the other, esp if the sample emits beta instead of gamma rays.

And that is a close variant the system that I proposed for radioisotope random number generation.

The original poster suggested counting the number of events that occurred within a predefined period and looking at the least significant bit.

Problems with the two-detector system with one sample are in making sure that both detectors are equally close to the sample (no variation in intermediate laters), and that they are treated in the same way electrically (which is difficult to guarantee, though you have the same problem - as mentioned in my post - with purely electrical RNGs).

Re:A Better System

[Christopher+Thomas]

I don't know that the random number generator that they've described could ever be "just as random" as radioactive decay, but it looks like it can probably be made "good enough."

As long as neither system has unwanted noise sources, both are perfectly random. That matches my definition of "just as random" :).

As for unwanted noise, both systems are suceptible to noise from many sources.

Re:A Better System

[ronys]

A couple of points:

Do you really want to add radioactivity to the list of issues that need to be addressed when disposing an old PC? (Yes, I know that the radioactive source would be too weak to be dangerous - try explaining that to a greenie)

All radioactive sources decay with time. This means yet another limitation on the lifetime of your PC. Worse, the failure mode is less benign (and more subtle) than the clock not keeping time...

Re:A Better System

[eggstasy]

Ever heard of Heisenberg's Uncertainty Principle, or better yet, Chaos Theory?
You are basically mistaken, because measuring things alters them. We don't live in a deterministic world. I can't explain it very well to you because I am not a physicist or anything like that, but I know that very smart people have written long and detailed mathematical proofs about it, so if you could make your way to the nearest scientist im sure he will be glad to explain it.

Re:A Better System

[Rutulian]

Your proposed method would be slightly skewed, as the half-life of the material would give you an "expected" number of events in your sampling period, which would cause the result to lean towards either even or odd. The effect would be small, but present.

Actually that would only be true if the sampling time was about equal to the half-life. Extrapolations from the half-life become much less reliable with smaller sampling times. So if you use something like plutonium, which has a huge half-life, and a sampling time of 1 second, you will get a distribution that is quite random. It would be pretty easy to set up too. All you need is a gas-filled detector in the GM region and some electronics.

Re:A Better System

[anthonyrcalgary]

Your proposed method would be slightly skewed, as the half-life of the material would give you an "expected" number of events in your sampling period, which would cause the result to lean towards either even or odd. The effect would be small, but present.

I can think of many solutions...

-Use an isotope with a really long half life, like Uranium. The change over the life of the device would be trivial. There are problems, like other atoms becoming radioactive, and isotopes in the decay chain having different half lives, but I think the bias could be kept small, like one bit in millions.

-Constantly recalibrate by keeping a history of the last N decays, where N is large enough to converge on the actual number sufficiently well, but small enough that if the device was captured it will not reveal what numbers you've generated. Adjust your interval accordingly. The calibration may be biased, but the bias itself will be random and changed with each decay.

-Count the time between decays, and generate bits by comparing the length of the intervals. If the second is greater, the random bit is a 1. If it's less, it's a 0. I think you could safely alternate between 0 and 1 on equal times, but don't take my word for it. This method would be the best, but half as fast.

Re:A Better System

[chefren]

I understand that a lava lamp, a digital camera and an image analysis program would be able to generate excellent ramdom numbers. Lava lamps could therefore actually have an excuse for existing.

Re:A Better System

[Sevn]

Ok,
The more precisely the position of an object is determined, the less precisely the momentum is known in this instant,

If that's what you think you are talking about.
That doesn't do much to change the fact that
technology is progressing at a very rapid rate.
I'd think that we'd be able to accurately predict
the movements of every paths of atomic particles
in decaying radioactive substances maybe, one at
a time in the next century. I'm not saying we'd
be able to accurately predict the movement of
every single atom in the universe. If I had said
that, the uncertainty principle would apply. I
don't even think it's unrealistic that we'd
progress beyond that to the point that we could
track the movments of a few million atoms at the
same time. It would figure we'd make that jump
eventually. In fact, something like the uncertainty
principle will probably make a lot more sense when we get
that much closer.

Re:A Better System

[Sven-Erik]

In a book I read about the Norwegian secret services work during the cold war where they in the 1950s started to use geigercounters to record background/cosmic radiation as a numbergenerator and basis for the generation of their one-time pads.

Re:A Better System

This is really totally unworkable. VIA is trying to manufacture a cheap, cheap chip. Why would they want to mess with integrating radioactive material and detectors into their processor, when a simple overloaded transistor is just as random?? Really! Removing bias is a solved problem. The only place it's very difficult to generate random numbers is in pure software.

Re:A Better System

[John_Booty]

Like my dual Athlon system doesn't run hot enough already... now you want me to put a decaying isotope in there as well? :-P

Re:A Better System

It would be pretty easy to set up too. All you need is a gas-filled detector in the GM region and some electronics.

You seem to have missed the part about aquiring a lump of Plutonium to put into your generator :)

Re:A Better System

[eggstasy]

Like the anonymous poster said, you are mistaken.
My knowledge of physics is basically what I learned in high school many moons ago, but please don't let our present scientific progress dazzle you into thinking that science will eventually make anything possible. You are being unwise in putting too much faith in the scientific method. Several of our greatest thinkers seem to believe that exponential growth, be it in science or anything else, is unsustainable in the long term, and so it will eventually, at best, level off and become logarithmic.
Besides, it's not like we've advanced a whole lot lately:
While it is true that computer speeds have advanced exponentially, other fields have grown only moderately and some have not experienced much growth at all.
Getting back on the topic, IIRC the uncertainty principle claims that you cannot accurately measure the position and velocity of a particle, because measuring one changes the other.
By velocity I dont mean scalar speed but both the speed and the heading of a particle.
If you know where a particle now is with any degree of accuracy, you cannot determine where it is heading, and if you know where it is heading (eg. "north"), you cannot know precisely where it is now. So you end up with a cloud of probability where you know that the particle has a different chance of being in a different part of a general, largish area.
I strongly suggest that you seek someone more knowledgeable than I am, so that they may better enlighten you about these fundamental matters.

Re:A Better System

[gweihir]

This is really totally unworkable. VIA is trying to manufacture a cheap, cheap chip.

Exactly! This Geiger-counter method pops up every time randomness is discussed, but it is possibly the worst way to aquire truely random bits in practice! Skew is _not_ a problem, people! Just hash e.g. 512 Byte together with SHA-1 and there will be no skew left if more than about 0.05 bits of entropy can be found in a bit of output. Or XOR enough bits together for the same effect. By the same argument the processor randomness generator is already very good if it produces something like 0.1 bit of entropy per bit delivered. Especially with the speeds you get from the described RNG.

Termal noise or junction noise are both quantum mechanic effects and are perfectly valid sources of true random noise that can deliver high amounths of entropy in a short time, in sharp contrast to the Geiger-Counter method. And these two types of noise can be produced extremely cheap and reliable.

Re:A Better System

[gweihir]

The beautiful thing is that nothing is truly random at all.

We are talking Crypto here. Randomness is not needed for Crypto. If it is unpredictable, that is quite enough.

Re:A Better System

[Christopher+Thomas]

This is really totally unworkable. VIA is trying to manufacture a cheap, cheap chip. Why would they want to mess with integrating radioactive material and detectors into their processor, when a simple overloaded transistor is just as random?

I believe this was my _point_.

Grouse at the parent poster, not me.

Re:A Better System

It is clear that there is a great deal of misinformation, miseducation, and undereducation surrounding the subject.

First and foremost, the claim that radioactivity always generates "better" random numbers is purely fiction. A firm example of this occured in Hiroshima, where the activity peaked so high that no dectector then or now would have been able to determine individual events.

Second, while it is commonly believed that entropy exists, no proof has ever been made of this. Entropy is just a theory, albeit one that is likely true.

Third, it appears that very few people actually read the paper.

Fourth, what is actually important is not whether the system has real entropy, but whether the outputs can be guessed by knowing certain things. In this case those things are the state and history of the computer, and the exact chip.

Taking these into account, radioactivity based RNGs are not very good for your average home computer (mostly due to cost). In contrast to this the Intel generator probably took less chip real estate, and generated something much closer to real entropy (although it lacked the built-in corrector of the VIA).

The VIA generator appears to me to be somewhat weak. In fact if you look at page 9, the diagram at the top reveals the bulk of the behavior that can expected. The behavior outside of this will be primarily due flaws in the oscillator. You will also see on page 13 an equation is given for entropy, this equation is used incorrectly. The equation itself is actually correct, but it assumes that you have the BEST POSSIBLE predictor, something that it is extremely unlikely that Cryptography Research found. Page 15 shows exactly how bad their computations were. The entropy statement claim puts the entropy at generally >.95 bits of entropy per bit, even though their predictor succeeded generally >60% of the time. This demonstrates that the von Neuman generator is necessary to blind the generator to make it even remotely functional for most purposes.

There is also a gross mistake made in the continual use of the word "apparent," this appears to be their favorite weasel word. There are continual mistakes made such as "16-bit framework could be intrinsically more predictable than others" which simply can't be true. If it were true the attacker would simply attack 16 bits at a time. Cryptographic attacks don't behave the way you want them, they work like the attacker wants them.

In addition it appears that their predictor behaved in such a fashion that it assumed the first bit was purely entropic, this leads to a huge bias in their numbers. They begin to weasel out of this on page 16 by saying "It is important to note that other bit positions would probably be just as predictable, if we kept a larger context of adjacent bits on which to base our predictions." They go on to say that you should assume that all bits have the worst predictability, and then fail to supply that information. Most likely this information was most damning for the actual outputs.

In truth the clock comparison generators are generally very poor examples of RNGs. Clocks are designed to be as close to prefectly stable as possible, having a constant drift, etc, this applies to every clock I know of that has ever been implemented in a computer, or any digital design for that matter. The entropy is completely consumed in the first few bits, and the rest are actually extremely predictable. The use of a von Neumann corrector itself represents a questionable cryptographic decision. A far better decision would be to consume a bit more space and actually use a cryptographic hash, even a 32-bit CRC, or borrowing ECC from RAM would be superior for most (if not all) generators.

Now for the radioactive problems. Radioactive generators are enormous, at least compared to the alternatives. They are expensive. They are wasteful. They bias numbers for themselves. Those that have a long enough half-life, have too long of a half-life. The best option I've seen was a sm

Re:Cool but...

That laptop was running the old (Ezra-T) core with a half-speed FPU. This is the new (Nehemiah) core that has full-speed floating point. It's yummy :-)

What ever happened...

[Xeth]

To the good old days of RISC processors? I'm tired of all these random additions that are cluttering up modern dies...

Man...

[Obiwan+Kenobi]

Man, you know you're hardcore when you get excited about a built in random number generator.

Sample convo after purchase:

[girlfriend] Honey, what is that?
[you] (with great awe) The Vee-Eye-Aye Nehemiah C3 CPU with-
[girlfriend] How much did that cost?
[you] Wait, lemme finish-
[girlfriend] Rent. Where is it.
[you] But it has a-
[girlfriend] You are not going to tell me that you spent our next month's rent on that *censored* piece of plastic.
[you] (correcting happily) Silicone!

You stare off. Slowly, you speak.

[you] But it has a...random..number...generator. For strong...uh...crypto. You know, cryptography? Big numbers? Random?

*the sound of footsteps trail away from you*

[you] Honey?

Re:Man...

"Oh yeah!?!??! Well it only cost 1/20th as much as that diamond ring you bought yourself with my money!"

Re:Man...

Get it right man, it's pronounced Veeahh!

Re:Man...

[WD]

[WD] (correcting angrily) Silicon!

Re:Man...

[localghost]

I believe he was commenting on his girlfriend, not the chip.

Re:Man...

Actually, after "How much did that cost?" come the response "ten bucks" and the conversation ends. It is a C3, after all.

Re:Man...

[Captain+Large+Face]

ERROR: Unknown variable "girlfriend" encountered at line 1.

Re:Man...

[you] (correcting happily) Silicone!

That would be 'silicon'. 'Silicone' would only be interesting in the [girlfriend] ;)

Re:Man...

Sounds like someones got a lame (ex)girlfriend. Mines got a MS in math and is a Digital Coms expert.

Re:Man...

[be-fan]

[you] (correcting happily) Silicone!
>>>>>>>>>
That would be your girlfriend. CPUs are made of silicon -- no 'e' at the end.

What does this mean?

[Tom7]

I don't understand what your post means...

> If a machine can not generate a truly random number (not seed based)

That's true, a deterministic machine can't generate a "truly" random number by definition. On the other hand, we can generate numbers that are cryptographically strong (infeasible to distinguish from "true" random numbers) on a deterministic machine, and we can build nondeterministic machines. This is about a nondeterministic machine.

> ... and is not turing complete

"Turing complete" refers to the computational power of a language or programming model -- that it can express any program that a turing machine can express. A turing machine can compute anything that we know how to compute, so saying that a machine is turing complete means that you can code any computable task on it. No machine is truly turing complete, because all machines are finite, but we think of basically everything that can compute (including humans) as turing complete.

So, what does this have to do with artificial intelligence? Do you mean turing test?

> can it be called Artificially Intelligent?

Probably not, since nobody has written a computer program yet that we would think of as "intelligent."

Re:What does this mean?

[sco08y]

I wrote a program that intelligently replies to Slashdot posts:

10 PRINT "You fucking kharma whore!"
20 PRINT "How the hell is that +5 funny?"
30 PRINT "Quit fucking bitching about Slashdot posters!"
40 GOTO 10

This may only aply to CmdrTaco

The only guy here with a confirmed significant other.

Then again, her leaving could be a Good Thing(tm).
Blech.
I would hate to get a BJ from THAT!

Re:+5 insightful!?!?!

dumb bastids - you wish you knew what you were talkin about...

finite state machine

[shird]

This is awesome, but I feel it kind of skews one of the great things about CPUs. Presently, the same piece of code, run a million times, will always produce the same outcome, and follow the same path of execution (providing it accesses no hardware - ie, no io instructions). With the addition of this instruction, you no longer have this fixed execution path.

Still, with IO this 'problem' exists anyway (although only at ring 0 -intel). It just makes it difficult for heuristic anti-virus progams, and debugging etc, when the path of execution can be arbitrary. Nonetheless, I think its a cool concept, and great its being done at ring 3.

Re:finite state machine

[shird]

note - by 'finite state machine' - I think I meant 'deterministic' or something :) not great with terminolgy, but at least I know what I mean.

Re:finite state machine

[jhunsake]

No, you know nothing. Get a fucking clue.

Re:finite state machine

unfortunately, being a cpu debugger myself, cpu is not a finite state machine (unless it is in a isolated enviroment) motherboard will snoop and interrupt processor and any giving time and cause the state of the machine to be abritary.

Re:finite state machine

[mrpotato]

I second that. The original poster doesn't have a fucking clue.

Re:finite state machine

The fact that this is moderated down and the original post is moderated up shows how totally clueless most Slashdot readers are. The original poster wrote something completely meaningless. He would laughed at hysterically if espoused such thoughts at a "theory" conference or at a computer engineering conference. Yet here on Slashdot, people actually thinks he has a fucking clue, which he doesn't.

Re:finite state machine

No, the reason the person was moderated down as a troll was because the post about the person having no clue was a personal insult with no meaningful content. If "jhunsake" went to the effort to explain why the original poster did not know what he was talking about instead of composing a post with cuss words and zero meaningful content, he very well could have been moderated up instead of down.

Personal insults run the risk of being moderated down here.

Re:finite state machine

They both should be modded down.

Re:finite state machine

[jhunsake]

while i agree he shouldn't have posted a personal insult, asking him to refute such a stupid comment is not a worthy request

anyone with a cursory knowledge of computers knows that the original poster was trolling more than anyone else

Re:finite state machine

[jhunsake]

Replying to the wrong post again..? You're the dumbfuck!

Re:finite state machine

[jhunsake]

Alright someone is using my account. Wonderful!

Re:finite state machine

[jhunsake]

No one is using your account, schizo!

Re:finite state machine

[shird]

No, I wasn't trolling. My point was, existing RNG are implemented using IO, which can only be done at ring 0. Hence, a driver plus common API etc would be required to use it in an application.

By having a ring 3 'user space' instruction, any application can use it. A pure ring 3 application is possible to be determinstic/finite because interfacing to anything arbritrary wasn't previously possible. All instructions other than IO were previously deterministic/finite (including memory access), and IO calls are privleged instructions. Now, there is a ring 3 instruction which doesn't exhibit this behaviour.

Re:finite state machine

[be-fan]

Um there are lots of indeterministic things in ring3. The TSC (Timestamp counter) calls, for example. Timing between external interrupts. Hell, even the IO port instructions can run in ring 3. Otherwise, X wouldn't work.

Re:finite state machine

[p3d0]

I guess you've never worked with an SMP?

Re:finite state machine

eheheheh

Beware this

[WetCat]

1. A good hardware built-in RNG introduced
2. Everybody starts using it
3. Some guys in a CPU company change it to not so good
hardware RNG (for example f(x)=exp(sin(x)) etc)
4. ...
5. Profit?!

Re:Beware this

[Steven+Blanchley]

I somewhat doubt that would lead to profit. But is it really a security concern? I would imagine that if you are generating random numbers for crypto, you at least know what CPU you are using and can be sure it's not a cheapo knockoff with a crap PRNG.

Re:Beware this

1. Shut
2. The Fuck
3. Up!
4. ...
5. Everybody else profits.

Re:Beware this

you bring up a good pointt. There is no way for the private citizen to reliably audit the randomness of this device. It's important for corporations that care about corporate espionage to make sure that the CPU they have was not altered to produce non random results. That is, a competitor/enemy may "influence" Taiwan based Via to alter the crypto mechanism for a particular target buyer. Therefore, if you're a paranoid corporation or government it's prolly in your best interest to use this CPU based system as only a part of a more complete entropy gathering system for cryptography.

Random Numbers?

[blitzoid]

I've got your random number RIGHT HERE...

5,246,549!

Re:Random Numbers?

Interesting the numbers you gave for the random number. An earlier post was talking about the difficulties human beings had when sprouting out random numbers. In particular tehy mentioned the predisposition to use consecutive numbers.

Anyway - presuming your number - 5,246,549 - was a number you picked out of nowhere lets have a look at it.

5 - nothing special about that - could be random, perhaps not

246 - we have two patterns here - obviously the 2-4-6 x+2 type pattern, but also a 2+4=6

549 - well we have the consecutive numbers here 5-4, but we also have a 5+4=9.

I would think that 2-4-6, 2+4=6 and 5+4=9, are the types of arithmetic associations that could well exist subconsciously i.e. I know 5+4=9 whereas I don't inherently know that 38576+38327 = whatever.

In sprouting forth 7 random digits, we see that the patterns really aren't entirely random, but could well be based on numerical sequences you are subconsciouly aware of.

Then again - you might have one of these fancy VIA processors and got the number that way.

They should hire my girlfriend

[mao+che+minh]

Despite my best efforts at randomly naming folders and subfolders, and randomly placing permissions on them, and then randomly naimg the files without any type of extension on them, my girlfriend is able to quickly locate and identify my porn - even though she barely knows how to operate a computer in general, let alone Linux. She is a natural at breaking encryption.

Re:They should hire my girlfriend

[YetAnotherDave]

um, try actually encrypting it (lots of solid encrypted loopback FS options these days).
If she can crack that, DON'T LET HER GET AWAY, she will make you both very wealthy...

Re:They should hire my girlfriend

you have a girlfriend. You shouldn't be NEEDING porn in the first place, unless the two of you make it yourself. Unless you replace "girlfriend" with "woman whose birth canal I came out of"

Re:They should hire my girlfriend

maybe his girlfriend is a fat, ugly slob

Re:They should hire my girlfriend

It works better if your porn directory isn't the only randomly generated directory name on the PC...

Re:They should hire my girlfriend

um, i can find all the porn on any computer with and OS with one search.

just look for any file, or files, over 100 MB. poof, theres yer porn.

Try storing it on an UNMOUNTED, encrypted partition.

Re:They should hire my girlfriend

that'd just bring up a heap of tv eps

Re:They should hire my girlfriend

[radish]

Just goes to show - Security through Obscurity doesn't work!

Re:They should hire my girlfriend

Clearly you have no clue what it's like to have a REAL girlfriend.

Re:They should hire my girlfriend

[be-fan]

Did you go and do something stupid like give your girlfriend root?

PS> Now that I think of it. That kinda sounds like a venereal disease...

Re:They should hire my girlfriend

[Mignon]

Security through Obscurity doesn't work

This makes me wonder if the creators of feckfeck, as referenced in Anger as a Software Design Philosophy were thinking of implementing security through obscenity, though it sounds like this fellow is looking for security for obscenity.

42

[SHEENmaster]

I don't know if this is logical or psychological, but I notice 20+ occurences of the integer 42 daily. 9/10 that I look at my watch it's xx:xx:42, the lunch bell rings at xx:42:xx, it shows up in my Physics 2 book, etc.

Just to keep this on topic, what's the difference between /dev/random and /dev/urandom aside from timing? Is one more secure? Does one use more possible bitvalues while the other sticks to text ones? Is one present in more unix flavors?

Re:42

[gordyf]

As far as I know, /dev/random gathers real entropy data from events occuring around the system - incoming network activity, keyboard strokes, mouse movement, etc... /dev/urandom, however, is a traditional prng, and not actually random. This allows it to be much faster, but /dev/random would supposedly be truly random.

You'd use /dev/random for generating random data for, say, generating a key.. but /dev/urandom would suffice (and be far, far faster) for wiping data off a drive (cat /dev/urandom > /dev/hda).

Re:42

http://www.uni-koeln.de/rrzk/sicherheit/ssl-ca/dev random.html

Two minutes with google searching on:
difference /dev/random /dev/urandom

Executive summary: /dev/random might make you wait if too many numbers have been read from it already.

Re:42

[jhunsake]

No, /dev/random blocks when it doesn't have enough entropy. /dev/urandom doesn't block when it runs out of entropy, it just switches to an algorithm.

Speed has nothing to do with it.

Re:42

[jhunsake]

2 seconds on a unix box: man random

Re:42

[maelstrom]

Actually the network activity is not used as an attacker could control that. However there is a patch that allows you to optionally add that feature, so you weren't entirely off base.

Re:42

[packeteer]

I tend to see 69 all over the place. Does that mean im a pervert or do the hairy palms already give it away.

Re:42

Hairy palms. YOU WATCH FRODO TOO MUCH.

Sir, step away from the television..slowly, that's it..good! /tackles nerd, rapes his asshole

Re:42

[Ralph+Wiggam]

You've seen 20 instances of 42 because you've been looking for the number 42. It's like numerology, you disregard the other thousands of numbers you see every day and focus on the ones you want. When you look at your watch, you see it count :39, :40, :41, then :42 and say to yourself "Damn, there's another 42."

-B

Take a look a HotBits

[Styx]

John Walker, the founder of Autodesk, has made a system like that, from which offers random bits:

HotBits

Re:Take a look a HotBits

[1984]

It's paranoid to point it out, but you'd be very, very silly to use an untrusted source of random numbers in any cryptographic application.

'Course this might be dead handy for other things.

External hardware RNG

[starman97]

Atom-Age made a hardware box that produced 64K of random numbers with
every character entered in the serial port. They spent a lot of time
isolating each stage to ensure no noise got to the thermal noise
generator /amplifier. There was no whitening or other tricks played
to make the numbers 'more random' There were 3 sets of batteries,
a 9V for the noise source, C Cells for the microprocessor, and D cells
to run the serial interface. The whole thing was encased in a steel box
with sheilding around the connector and indicator lights. Analysis of
the numbers showed very good randomness.

Unfortunatly at $200 it never really sold well.
They did release the code in the processor for inspection,
I'm not sure about the schematics, probably not.

Random yes, but

[jasonditz]

When will Microsoft support this chip feature in Quickbasic?

I'm tired of RANDOMIZE TIMER ing, dammit!

coin tossing

[wattersa]

Perhaps you are referring to "Benford's Law". I'm not quite sure of the link between his theorem and coin tossing, but it's interesting nonetheless. The strangest thing is the number of triples, quadruples, and even higher strings that can be expected from a 200 flip session. I remember this in the context of the SAT, because apparently they purposely avoid have multiple strings of the same answer precisely so people have one less way of guessing the right answer. If I were to fake a coin toss session, I would put in at least one string of six, two strings of five, several strings of four, a bunch of strings of three, and many strings of two.

32! 98! 43! 12! 0! 3! 453!

[stratjakt]

392! 3892! 7489!

feel free to use any of those if you're short on cash and cant upgrade just yet.

THEY ARE ALL OPEN SOURCE - FREE AS IN I'LL SUE YOU WHEN YOU GOT MONEY TO PAY!

Re:Cool but...

[sconeu]

And why, exactly would the lack of a good FPU affect compiling?

A Cheaper System

[plover]

They're probably using electrical noise for both performance and cost reasons. The rate of decay of a safe amount of radioactive sample is quite slow compared to the amount of entropy you might be able to derive from it. (If the sample were decaying at the rate you suggest in your posting, you'd probably want to be wearing a lead codpiece if you were to sit in front of it. :-)

This VIA chip is producing 30-50 million bits per second.

Also, each radiological decay event would have more potential to cause bit rot in your normal CPU, memory or other chipset's operations.

John Walker is already doing exactly this, producing random bits with a system he calls HotBits. Take a look at this page for his system and a good explanation. Of course I also think it may help to live in a castle with a 1-meter-thick-concrete-lined cistern located three-basement-levels-down to stick your Krypton-85 source in...

And while using nuclear decay would raise the geek factor so high as to be measurable on a geiger counter, the manufacturing and disposal licensing and other handling problems that would accompany any usage of nuclear materials would be more than onerous for any company that had an economical alternative.

Is it really so new?

[stj]

I remember when Cyrix had it's 100MHz CPUs with huge fans and everybody tweaked them to 133MHz, every long-term calculation on that involving FPU would give random numbers as the result...
So, where is the novelty? ;-)

Re: Is it really so new?

[Black+Parrot]

> I remember when Cyrix had it's 100MHz CPUs with huge fans and everybody tweaked them to 133MHz, every long-term calculation on that involving FPU would give random numbers as the result...

Bah, the early Pentiums would do it without the need for overclocking.

Encryption != privacy

Please know that encryption does NOT lead to privacy. At best it may lead to data protection, but that is only a small part of privacy.

Besides, a poorly implemented hardware RNG can also create a security hole.

Re:Encryption != privacy

you're an idiot

"OT" (quote, unquote)

[scotch]

Isn't it interesting how much importance we place on quote unquote "true" randomness of numbers?

You know, when you're able to use quote marks (" for example) in a written medium, you really don't need to spell out quote unquote as well. It really just doesn't make any sense - we can see the quote marks you used, spelling that idiom out doesn't add anything. People sometimes say "quote unquote" because you can't see the quote marks in their speech. Even this practice is ill-advised as it makes one sound like a drooling marketdroid (e.g. "At the end of the day, we need to quote unquote actualize profits by exceeding expenses with net income in order to meet quote-unquote business objective. Take an action quote-unquote item").

This is the most bizarre thing I've seen all day. Please don't do it again. Thank you.

Re:"OT" (quote, unquote)

[infiniti99]

Interesting, just last week I was writing a post and came across this issue. As I was saying the content in my head while writing it out, I stumbled on "quote unquote". You see, in my head I was saying those words, but since it surely wouldn't look right as text, I type real quotes.

Problem is, reading back the text that had real quotes just didn't have the same kind of flow as a spoken message using the silly "quote unquote" substitute. They each come across in a slightly different way. I couldn't find a way to represent the flow I wanted, so I ended up canning the idea of quoted text entirely, and wrote around it.

Re:"OT" (quote, unquote)

[cluke]

Same sort of thing with hand-written smilies. I was writing a note and was about to end on a colon-hypen-bracket smiley when I realised I could just draw an actual smiley face.

But I could not do that either - it looked too damn gay.

Re:"OT" (quote, unquote)

[be-fan]

Thinking that hard? For a Slashdot post?

Re:"OT" (quote, unquote)

STFU. You are an idiot. End of story, period.

Re:"OT" (quote, unquote)

[jovlinger]

shouldn't that be "Take an action quote-item-unquote, Suzy"?

Otherwise you're quoting the space in front of the word. Alternatively, you'd need to provide a counter, so you could disambiguate "Take an action quote-unquote-one item, suzy" which quotes only item as opposed to quoting item susy (quote-unquote-two)? Since you're now using quote-unquote as one terminal, you might as well drop one of them, and just use quote-two.

Don't even get me started on making little Rabbit-Ears with your fingers when you talk. Makes me violent just thinking about it.

Re:"OT" (quote, unquote)

[jovlinger]

Oh wait, my counting version only works with atomic numbers. A statement like "I'd like quote-unquote-one thousand items..." leaves it ambigious whether you mean to quote the next 1000 words, starting with "items" or whether you want to quote "thousand".

Oh bother. I propose we move to a fully parenthesized prefix syntax.

Re:Cool but...

[rrkap]

It's the Ezra core that has a 1/3 speed coprocessor. The newer core doesn't have this feature. Besides, if you aren't running CAD or playing 3D games, you don't use the math co that much.

The artist formerly known as Palladium?

[DarkVein]

A good RNG sounds nice and all, and there's no doubt good crypographic benefits to these features.

I can read the good features well enough. I mislike parts of the language, however...

Does this impliment any of the subversive elements of the architecture formerly known as Palladium? [now called "next-generation secure computing base", because "Palladium" is far too easy to get a linguisticly-controlled mental handle on]

The C3 processor has had my interests in the form of EPIA. However, I'd sooner burn in hell than put a Canadian penny towards Palladium, as proposed by the TCPI and Microsoft.

In more particular words, I've been unable disect from the market-lingo if this architecture contains the "protected execution space" and such features that could deny cryptographically unsigned activity, instead of giving me the tools of verification.

Re:The artist formerly known as Palladium?

[DarkVein]

s/TCPI/TCPA

Re:RNG

my old Cyrix MII seems to have this feature when it heats up...

Solution (I am assuming you are running Linux)

. //Lameness filter fix here, ignore this line

In the interest of national safety:

[CoolGuySteve]

Everyone should use the same random number.

I think 23 is a good one, nice an prime, and close to 21 too!

Re:Cool but...

[TheMidget]

Actually, the random number generator is the math coprocessor. And they are not even the first to think about this: such techniques were pioneered by Intel in the first Pentiums

Is that a typo?

[A+nonymous+Coward]

Surely you meant 5,246,594.

Re:Finally (OT: Ti-83 Rand)

[cymen]

You have a fridge, right? Chuck it in there or the freezer (not too long with that LCD) and see how it works after a good cooling.

Quick test...

[MarkusQ]

If you're using KDE, click on the little gear icon (generally in the lower left corner). Then selected the item "Recent Documents."

Do you suppose that might be how she does it?

-- MarkusQ

USELESS

It's too bad that, outside of a few people in the scientific community (such as those running Monte Carlo simulations and statistical thermodynamics calculations), no one uses random number generators (RNGs).

And the worst thing is, the aforementioned people who do use RNGs undoubtedly will want to run their own generator that is most likely superior.

For example, I run Monte Carlo simulations of polymer networks. The algorithm I use is the Mersenne Twister algorithm, which has an enormous period of 2^19937 - 1. This is much superior to VIA's built in RNG, and much faster than the standard rand() function in C.

So I'm sorry, but I fail to see the utility of VIA's RNG. It's a cool little toy, and I'm sure it's going to get VIA some publicity, but I'm betting that it will be a hard sell to most people.

Re:USELESS

[viega]

Is this a troll? Nevertheless, it is stupid, for a few reasons: 1) The Mersenne Twister is not cryptographically secure. 2) Even if it were, it would still need to be seeded with entropy, such as the kind provided by the VIA generator. 3) There's a big difference between entropy and pseudo-random numbers, anyway. 4) Entropy is crucial in many security-related applications. Of course, given sufficient entropy, you can stretch it out with a good cryptographic PRNG.

Re:USELESS

[stanmann]

Yes, and inside of a few people in the scientific community it is too dark.

Seriously though, Except for stuffed suits who add numbers in a column, a RNG is used by anyone who uses certain forms of encryption and by everyone who plays any sort of game with any level of AI, at least in a game with any level of replayability. The problem is that VIA being mostly a walmart and homebrew processor, games won't necessarily be coded to take advantage of this.

Re:USELESS

[mattwolfewvu]

Looks like someone's never played DnD (or any other dice rolling rpg).

Surely you know that "Random Number Generator" is the uber-geek term for a D6!

Re:USELESS

"The algorithm I use is the Mersenne Twister [keio.ac.jp] algorithm, which has an enormous period of 2^19937 - 1. This is much superior to VIA's built in RNG"

Hahaha! Since when was having a period on your RNG is a good thing?!

quote unquote "retard"

the previous poster said it better, but i thought i should tell you how i really feel. you are a fucking moron.

thank you for your time.

Paul Kocher is one of the experts

[billstewart]

Paul Kocher is one of the well-known experts in the practical crypto field. As you can see from his web site, he's done some innovative mean nasty approaches to cracking cryptosystems (mathematical proofs are a fine thing, but if you can figure out the state of the CPU by measuring its response time or detecting the power consumption, your system isn't as secure as you thought :-)

And In the interest of national security:

All random numbers are to be first submitted to the government.

Nehemiah core on EPIA boards

[Stormie]

Does anyone know when VIA intend to release an EPIA MiniITX motherboard with a Nehemiah-cored C3 CPU? Apparently the M10000 they released recently was supposed to be so equipped, but turned out to only have a 1GHz version of the older Ezra-T C3 core. Since the Nehemiah core has a lot of improvements, this random number generator amongst them, I'd rather hang out for it than buy an M10000 now.. but how long must I hang?

Re:Nehemiah core on EPIA boards

[cymen]

Mini-ITX.com keeps me informed of changes in the mITX world. Their front page has a link to a review of the Nehemiah core C3 by SilentPCReview. Hopefully the new core will be out soon if review sites have it in hand.

Jesus

Im damn impressed with that link and that algorithm. Thanks.

Wolfram

[mindpixel]

Someone should ask Wolfram how the universe generates random numbers...

Re:Wolfram

[rockola]

Einstein was right, God does not play dice with the universe. However, the universe plays dice with God.

more random number generators:

[geekoid]

The Beatle random number generator:
number 9
number 9
number 9

The monty python random number generator:
6, no 8...AAAAaaahhhhhhh

the ask a person to guess a number between 1-10 random number generator

7
3

the Slashdot random number generator
3.14, 1701, 2001, 69, 1337

The Microsoft Random number generator
7,7,7,7 yes its random, says so in the eula

the pepsi random number generator:
1

the buffy random number generator:
"you dare insult buffy? you are stupid AND you suck."wait, that was the "angery buffy fan response to a minor critque of the show generator"... my bad.

Re:more random number generators:

[ralmeida]

The ultimate RNG: 42

Re:more random number generators:

[be-fan]

I feel kinda stupid asking this...what's 1701 mean?

Re:more random number generators:

the Slashdot random number generator 3.14, 1701, 2001, 69, 1337

You forgot 42, it definiatly belongs in the /. RNG

Oh and for since I saw someone asking was 1701 means, a translation
3.14: An approximation of pi
1701: The hull number of the starship enterprise
2001: "2001: A Space Odyssey" A SciFi novel by Arther C. Clark (or the movie based on the book)
69: pr0n related :)
1337: leet speek for "leet"
42: The answer to life the universe and everything. (See Douglas Adams Hitchikers Guide to the Galaxy series)

Where does noise come from?

[mindpixel]

I remmeber going to the university science library when I was 14 to try to find out how to write a program to generate random numbers...found a big yellow book about pseudo-random number generators and thought, no, I want a real random number generator...of course I opened the book and discovered that it is impossible inside a deterministic system...you have to stick an antenna into an external universe...then I thought where the fuck did the universe get noise? Why isn't the universe one big symmetric crystal?

Now I sit here looking at a 2 billion year-old hypernova and no one here can answer this question (There are at least 5 cosmoligists within spitting distance of me right now)...

Re:Where does noise come from?

Because of quantum uncertainty. If there had been no quantum uncertainty then after the big bang every particle would have had perfectly equal forces on it and thus the Universe would have settled into a perfectly homogenous soup (or maybe a big symmetric crystal), quantum uncertainty caused minute vartiations in density, forces etc, which allowed clumps to form and hence stars, planets and everything else.

Re:Where does noise come from?

[kinnell]

where the fuck did the universe get noise?

I think there are several conclusions you could come to:

1. The book (or mathematics) is wrong
2. The universe is not a deterministic system
3. Random numbers do not exist

I would lean towards 2 - aren't quantum processes such as radioactive decay non-deterministic? This seems to be a matter of opinion, even among great physicists. If, however you hold that the universe is deterministic, I suppose you would have to come to the conclusion that nothing is entirely random.

As a side not, noise does not imply non-determinism: gaussian white noise, for example, is entirely deterministic (depending on the above ;-) ), and is generated in a system where a large number of "random" events summed together contribute to the whole. For example chaotic movements of electrons in a hot conductor giving rise to electrical noise. In such a case, the noise is in practice unpredictable, so is treated as non-deterministic.

Re:Where does noise come from?

As a side note, noise does not imply non-determinism: gaussian white noise, for example, is entirely deterministic

Gaussian white noise, in general is not deterministic, the particularly example you cite of electrons in a hot conductor may be, but that is because in this case the gaussian white noise is only an approximation to underlying deterministic process (which may be in fact be non-deterministic due to quantum effects)

Re:Where does noise come from?

[ryanvm]

Maybe they would answer you if you'd stop spitting on them.

Re:Where does noise come from?

[data1]

The Culprit: Quantum Fuzz.
Werner Heisenberg's uincertainty principle (1927)effectively eliminates the possibility of getting some sort of accurate measurment of a number as a result of physical influence, since you are in effect tampering with the measurment medium.

Hmmm... my brain is tickled, now i wont be able to work the rest of the day - time for some thought experiments!

Re:Where does noise come from?

[mindpixel]

Someone has to bath them.

Let me put this another way

[Sevn]

We have electron microscopes. The technology will
get more refined. We'll eventually be able to track
the movements of an atom and find a pattern in
relation to what's going on around it.

Ok, fast forward 100 years. At this point computers
are a ridiculous combination of DNA, and some sort
of fastening mechanism that attaches it to your
body for either voice or (hopefully) some sort of
direct thought connection. This is the computer
you can plug into the machine that blasts an
enormous amount of some particle that passes
through matter into a collection sensor on the
other side that looks for the subatomic equivalent
of doppler shift, then charts the path of every
particle in that substance. Something powerful
enough to translate the slight change in that
particle passing through the substance into an
interception vector and plot speed and movement.
All this outputed to a 3d model that you can
zoom in on and automatically record to some
sort of database for more thorough data analysis.

Humans vs. Machines

[dstone]

In fact, if you ask a human being for 3 random numbers, odds are very good that they will give you at least two sequential ones...such as 7 6 2...or 5 9 8...

What do you mean by "very good" odds? If you ask a TRNG (true random number generator) for 3 random numbers, odds are quite good (40%) that it will give you at least two sequential ones. This is just rough math (supplied upon request) off the top of my head with the assumption that 9 and 0 are considered to be adjacent; odds would be slightly lower if we reject this. My point is that your example has fairly significant odds, even by a TRNG.

But with random numbers...a human couldn't do it even remotely as well a computer can, so why is it considered such a weakness of computers?

Humans can toss a coin or roll a die or spin a wheel. Those are actually decent ways to generate numbers. It's an ability to interface with entropy that humans have (and computers don't, unless you want to stuff a natural/mechanical/chaotic process into a hardware RNG). And the sequences generated by humans in those ways are not easily recreated or predicted and a seed value doesn't really exist to weaken the scheme either (as it does with software RNGs). Assuming you give the wheel/die/coin a really good spin!

Finally!

[AvengerXP]

I can stop getting 10 times Undead in a row when playing Random in Warcraft III!

Ok so I've read (most) of the posts here and

[Tolkien]

I hafta admit that even with something as simple(?) as a random number generator, can somebody sum up exactly how this is done, and if a RNG's source-code were decompiled, could every number it produced be predicted (no matter how complex the algorythm used to produce the numbers) ahead of time?

I'm wondering because I once heard of a mathematician who stood by one of those big lotto machine things in a casino, after a full morning of jotting down consequitive winning numbers, he bought his first ticket in the afternoon (having chosen his numbers carefully) and won the jackpot, he continued buying tickets and winning every time until eventually security kicked him out because he was winning too much.

Re:Ok so I've read (most) of the posts here and

[GodSpiral]

without knowing the algorithm or source code used, the problem with software RNGs is that they all cycle. So if you use one to generate its full list of output, you can predict any program's random number stream after just a few samples.

Your mathematician annecdote sounds a little far fetched. There is only a few widely used algorithms for software RNGs, so I guess it is possible to guess at the core algorithm, guess at straightforward software manipulations of the RNGs, and then test against the stream of keno numbers to find where in the cycle it is.

Re:Ok so I've read (most) of the posts here and

[rev063]

The anecdote isn't as farfetched as you might think. (IAAS -- I am a statistician -- so I can speak from experience here.) Physical systems, like casino wheels, are terribly hard to predict. But there are ways ...

I know of one story where an wily engineer exploted an imbalance in a casino roulette wheel. Basically, an error in the alignment meant that one side of the casino wheel came up more often than the other. It still wasn't possible to predict any one number coming up, but you could say, *statistically*, that certain numbers came up more often than the odds paid for betting on them. If you make enough bets, then after a while the difference will result in profit. Casinos actually *encourage* the punters to write down the past numbers, but without some heavy-duty analytic software to back it up, this won't help anyone -- and you can't bring your PC into the casino, that's for sure. This engineer has some kind of transmission system built into his shoe, as I recall. But roulette wheels are regularly checked for balance for exactly this reason, so don't try this at home, kids.

When RNGs are used instead of physical systems, there are other ways to exploit the system. I remember one time when the government of my home state in Australia introduced an early form of on-line gambling: a Keno system (like lotto -- draw 10 numbered balls from 100, and try and guess all 10) with drawings every five minutes. It was all computer-controlled, with displays in pubs and bars around the state. You could place bets at an online terminal at the bar. The government got a statistical consulting business I was involved with to help set the odds and work out what the expected payoff would be (so they'd have enough mony to cover winnings in the early days -- the jackpot was a significant amount -- early payoffs were to be backed by insurance).

Unfortunately, the jackpot was won on the first game of day three, which caused some embarassment all round. (They'd predicted a miniscule chance of it being won within a month -- there was a chance of this, of course, but the insurance premium paid didn't cover this eventuality.) A bit of investigation revealed what had happened though. On the first drawing of day 1, the numbers were (say) 16 19 22 27 30 49 58 65 74 97. On the first drawing of day 2, the numbers were again, 16 19 22 27 30 49 58 65 74 97. Someone noticed this and placed a bet for the same numbers for the first game of day 3, and won the jackpot. As it turns out, the programmer had reset the "FOR day IN ..." loop, meaning the first results of each day were the same. (The RNG was used between games in the ticket issuing process, so it didn't affect later days, which was why it wasn't noticed in development.) Just goes to show the importance of good QA when dealing with RNGs.

Re: Ok so I've read (most) of the posts here and

[Black+Parrot]

> Someone noticed this and placed a bet for the same numbers for the first game of day 3, and won the jackpot. As it turns out, the programmer had reset the "FOR day IN ..." loop, meaning the first results of each day were the same.

Were "someone" and "the programmer" by chance the same person?

Re: Ok so I've read (most) of the posts here and

[rev063]

This was looked into during the police investigation and enquiry, but no connection was found. It was just some observant schmuck, writing down the numbers trying to predict them. (Shouldn't have worked, but there ya go.)

BTW, I meant to say: "the programmer had reset the RANDOM SEED WITHIN THE "FOR day IN ..." loop ...

CmdrTaco was eaten by a Fent

Taco isn't getting any ass tonight.

Poor oh Poor him.

here you go

5854 2654 4487 3335 9065 10616698 2318 3666 380
2500 7780 3437 1833 4334 83698282 1136 2000 2082
6642 9409 4137 7856 8480 99051000 2683 8621 5799
1485 8919 4933 6643 490 6568310 4338 9245 9938
6878 8969 1464 3066 1072 68614113 910 9280 3842
4770 7043 2354 7797 4113 7725766 2272 6730 8077
3682 7780 8750 5396 1130 99321955 2958 6678 26408545 3639 8030 5814 7860 6053 8845 6704 7628 3775
4982 4991 6780 1616 6573 4979 8731 8305 3760 5914
7317 6702 2378 8297 1238 4273 8503 7095 3748 9820
3972 3825 5887 7596 5884 365 7206 5175 3942 6462
4709 7671 6103 7713 7036 6392 6329 5397 5420 87064329 6926 4478 1690 8964 7452 7948 3980 9449 18328878 7523 7194 8441 9404 1848 6613 8723 6081 61288776 3044 9489 5272 55292277 9441 1096 846 8970311 9471 6000 1899 9375 4419562 2610 1886 70352865 9187 7662 8564 54054686 7215 5213 9658 50731871 6946 5321 9521 2863 7317 3018 110 7383 19363208 6879 5944 4857 6149 7204 9289 2835 3082 27876470 2234 1555 9322 9428 9568 1589 7946 8964 21693445 9788 6864 9137 671 6395 7210 6466 7398 36822505 1253 893 6039 1374 9483 2812 3117 2865 6996
1946 7926 5012 256 4773 2188 3781 9131 7825 5323
9486 5422 1985 4494 2738 406 3028 3210 5879 7672
5234 3614 3614 9443 1077 461 5799 2945 1951 4773
3143 6242 1674 3755 365 4060 7663 8722 4110 8984
5200 8270 4293 496 4427 7973 618 5222 9907 732
4788 7981 1916 755 7259 131 300 4548 230 4967
5594 533 4712 2991 7715 1784 9728 5516 8595 3963
3902 2797 1044 5228 3823 9845 5072 2597 336 1432
5662 4509 1752 6557 4320 8476 2158 4549 5534 1438
6303 2317 4131 2699 4667 8691 4934 3291 9845 4237
9414 402 1078 9854 5550 8192 1958 6709 522 653
4389 8547 4181 5940 5220 2315 1604 7781 7560 6168
1479 6592 801 838 6913 4197 7261 9192 8319 9098
624 4888 8369 1917 7959 6678 6640 9116 4863 5128
5178 2607 8711 3990 9925 1438 7397 4075 7541 9742
1058 2028 4790 571 3115 2087 5498 4204 3096 1652
885 22 619 275 2569 7837 7176 9854 6936 9041
9689 2614 5808 3760 6740 6891 4849 2835 1261 7971
5944 8571 6794 4765 7059 4786 5387 3943 1368 3110
3997 5006 4225 8306 6964 5703 5306 7543 3617 7028
3892 4599 6150 4048 1650 4462 2681 952 76 3247
3330 119 1757 9923 6601 3619 4058 9691 4476 2157
7030 8384 2144 3709 3872 131 5312 4924 2763 3711
9540 3213 7144 6029 9066 1487 7519 1933 5072 4004
7996 3239 2596 9187 5243 3876 7799 727 7405 2166
6749 4828 4313 7763 1225 1514 2148 1938 9847 7636
2992 428 9199 7937 8177 17 5501 776 3257 8507
7606 782 1693 7701 2676 1382 2817 9163 1696 6025
3469 9976 710 6155 9766 5113 5799 4616 6723 1295
4271 7214 9745 9402 8106 670 7871 8094 5859 2363
6881 4559 8691 4655 2782 723 3874 4627 2315

Re:here you go

[borgdows]

I'm sure you're so dumb that you posted this by hand instead of using the new VIA processor!

pioneered...

...like out west, historical stuff. It just seems so OLD. I remember that Pentium bug like it happened 3 months ago. *sigh*

You were probably joking, but...

What a load of crap!

Did you notice there are:

• Two fives
• Two fours
• One two
• Two sixes, where one of them is upside down

Coincidence? I think not. Look at the numbers. There are two digits of every number, except for the twos of which there is only one. And one six is upside down.

You are an ingnorant, pompous fuckrod

And you are wrong. Uncertainty principle holds with just a single particle. You clearly have no idea what you are talking about. If you know the position 100% accurately, you don't know the speed, and vice versa. This is a simple, provable, and unescapable rule of the universe.

Turing - nothing new under the sun...

[AYeomans]

So what's new?

Alan Turing designed the random number generator instruction for the Ferranti Mark 1 around 1950.

(Or is this an entry for the oldest Slashdot reposting competition, just 53 years late?)

You missed one.

The John Katz random number generator:
911... 911... 911... 911.. ColumbDOH!

Re:Finally - Sinclar Spectrum 4mhz Z80 had RND

Anyone remember how the ol' Z80 did its stuff?

Why shouldn't there be noise?

[Kalani]

Consider a deterministic pseudorandom number generator that's highly sensitive to its initial conditions. Maybe that's the universe and we don't know it because we can't determine the initial conditions with absolute certainty nor can we even determine its current state with sufficient accuracy.

What if space and time are discrete (Ed Fredkin and so on)? Of course, space couldn't be a rigidly even lattice (it could be a network of loosely connected nodes), but in this sense you have a rigorous foundation for modelling the evolution of the universe from one state to the next ... a computational process that defines how the universe operates. This process is only (universally) taking us toward increasing entropy, so it's a randomizing process by nature. Really I think that order is the oddity ... not randomness.

Even better

Even better would be an integrated lavalamp whose bubbles are used to create totally random numbers. It would even look cooler and consider following conversation:

- "OMG how big your lavalamp is!"
- "Yep, it's the most secure model in the market"

He already answered that

[Kalani]

If a discrete dynamical system as simple as (2 state, 1 dimensional, 1 nearest neighbor) Rule 30 can generate 'pseudo'random numbers, it's not hard to believe that the universe can too. Fredkin has also answered this at his digital physics website.

And the link

Oh and I forgot the link:

http://www.lavarnd.org/

Mmm.. thermal noise

[Scorchio]

Similar to what Douglas Adams suggested as a random number generator, 25 years or so ago, I guess. This implementation is a little more convenient - although slightly less tasty - than a fresh really hot cup of tea.

the Slashdot random generator

You forgot the CowboyNeal entry, you insensitive clod!
the Slashdot random number generator
3.14, 1701, 2001, 69, 1337, % of voters for CowboyNeal option in ./ polls.

You must be nuts!

All it would take is one terrorist/hacker to "overclock" it and... BOOM! DIRTY BOMB!

The Law of Seven

[ihatewinXP]

That was the other half of my joke. Not only does the prototype suck but being a human all he ever does is give you "Seven." Glad to see a few people picked up on the not-so-random number generator.

And the the findings of this reviewer...

[Junior+J.+Junior+III]

I rate this random number generator a... (rolls dice) 4 out of a possible 10!

Indeed

[Styx]

He says so himself:

Of course, if you're using the random data for cryptography or other security-related applications, you can't be certain I'm not squirreling away a copy. But I'm not, really.

Even if he isn't, what's to stop anyone of the route between you and him, from saving a copy, or altering the numbers enroute?

But if you need numbers you can really trust, he also shows you how to build your own.

Did you know?

In Soviet Russia, the RNG generates YOU!

RTFA!

Its hardware based on thermal noise.

It isn't like this is the first lull we've had

[Sevn]

in progress. Your limited thinking is common. I
think it's ludicrous to think we'll hit a glass
ceiling at any point. Most of the arguments against
my way of seeing this is the uncertainty principle
example of an electron being shot at a plate with
two holes in it and going through both at the same
time. That's great but an electron isn't the only
particle. Think about that. I'd be more inclined
to believe that our current science is fundementally
flawed like it turns out to be every hundred years
or so than to think we won't eventually be able
to find patterns and signatures in everything.
From the shape of the chambered nautilus to the
orbits of atoms and galaxies. Something leads to
something else and it gets unraveled and
understood with increasing levels of certainty.
Cause and effect. If you think that any science
we have now will be applicable in a thousand
years, you are kidding yourself. I'll put my
money on time.

OSS Random Generator

0123456789
Use any number in any combination. This is licensed under the GPL.

OT: quote-unquote "your sig"

[sig+cop]

Love the sig.

My analysis

[AnotherBlackHat]

Further discussion is bound to appear on sci.crypt.random-numbers before too long.
First, the best paper I've been able to find is this one;
http://www.via.com.tw/en/viac3/via_c3_padlock_ev al uation.pdf

This HRNG is based on sampling a high speed oscillator with a low speed oscillators XORed together.
The output is run through a "von Neumann
Corrector Register" before finally being output.
(The corrector can be bipassed.)
Both oscillators and Von Neumann's method of correcting for bias have a bad history in HRNG,
so this particular HRNG doesn't give me that warm glowy feeling of having been designed by someone who knew what they were doing.

The output of this generator is biased, even in the "corrected" mode.
This isn't damning by itself, but it shows that as usual,
the raw bits are not independant, so the Von Neumann corrector doesn't, and it's IMO overall a waste.
Not a big waste, it has some good properties,
but there are much better things that could have been built out of the realestate.

The interdependance of the bits is typical of an oscillator design,
and we can expect all the usual failures.
In particular, if they ever do a shrink of this chip, they need to redesign the oscillator portions.

Although I'm not particular impressed with this design, and the output needs to be processed before being used,
it's still way better than nothing.
With a raw output of over 3 megabytes a second,
what it lacks in unbiasedness can be more than made up with oversampling.
In the processed mode, it's only 1/8 the speed
so it wouldn't be an acceptable replacement for statistical programs even if the output were acceptably unbiased.
Despite the claims of the paper of .85-.99 bits of entropy per bit,
Clearly the amount of entropy in the raw mode is far less than .5, probably closer to .3.
(If it were as high as claimed, then the corrector wouldn't be as slow as it is.)
The bad entropy estimate is really a failure of the paper though, not the HRNG.
Many HRNG designs produce less than .1 e-bits/per bit so .3 isn't bad.

-- this is not a .sig

Cooler RND

[Cybrr]

Lava lamp cluster!

a truely random number

[kannibul]

A truely random number would be one with an infinte number of digits, and since we have no way of comprehending that amount of data into a manageable amount of space/memory, then we can never have a true random number, in it's natural state. For example, you could hit to proverbial number generator button, and get a number with an infinte number of charactors - it might be 3 charactors long, it might be infinity -1 or infinity sqared, or the square root of infinity.
I believe we will never be able to create a naturally occuring, random number.

Ultimate source for randomness

MS Word
you try to do the same thing
at different times and get a different result each time :)

seemingly random events not so random??

[d0ggi3]

www.princeton.edu/~pear

i found this research to be quite shocking. the jist of the research is that your conscious thoughts can influence truly random events.

re: rabbit ears

[sacrilicious]

Don't even get me started on making little Rabbit-Ears with your fingers

Agreed. I hate those so-called "Rabbit Ears". (reader invited to visualize fingers making rabbit ear gesticulations during previous sentence's quote marks.)

I don't count it

[SHEENmaster]

if I wait for 42 to come up.

Do you really think that the Hitchiker's Guide contains 42 for no specific reason!?