VIA C3 Random Number Generator Reviewed
An anonymous reader writes "VIA has added a hardware
random number generator to its Nehemiah C3 CPU. I found a recent review
of its security. Interesting how it's done at the instruction level as opposed to
the chipset level used by the i810 RNG (also reviewed there)."
...generating huge cryptographically strong random numbers. I wish more companies would add hardware like this because a good source of entropy is becoming increasingly important in the world. Weak random numbers can reduce the strength of most crypto systems and we need all the privacy we can get in the US today.
Why bother.
How can anyone use an incomplete cpu without a math coprocessor? That is the heart of the functionality of any cpu.
Checking out my form of escapism.
If a machine can not generate a truly random number (not seed based), and is not Turing complete, can it be called Artificially Intelligent?
Consensus is good, but informed dictatorship is better
"I had the worst experience with my Ti-83..."
Dude, you REALLY need to get out more.
-Greg
Isn't it interesting how much importance we place on quote unquote "true" randomness of numbers? We expect (or at least hope that) a computer can generate random numbers time and time again without fail...
But any human being would prove horrible at such a task... In fact, if you ask a human being for 3 random numbers, odds are very good that they will give you at least two sequential ones...such as 7 6 2...or 5 9 8...
I guess that's the point of computers though...if we could all calculate as fast as a computer, process data as fast as a computer, and perform other tasks as fast and as well as a computer, we wouldn't need computers, now would we?
Random number generation is an interesting topic though because it is often seen as a fault of computers... People claim that computers are "incapable" of generating random numbers. So are human beings... I can understand a computer not being able to store a floating point number with a hundred digits after the decimal point being considered a fault, because FEASIBLY a human being COULD perform the operations and have the value exact out to a hundred decimal places. But with random numbers...a human couldn't do it even remotely as well as a computer can, so why is it considered such a weakness of computers? Maybe the power of computers to break their own codes because numbers aren't truly random is the reason they are sought after in the first place.
Your proposed method would be slightly skewed, as the half-life of the material would give you an "expected" number of events in your sampling period, which would cause the result to lean towards either even or odd. The effect would be small, but present.
Actually that would only be true if the sampling time was about equal to the half-life. Extrapolations from the half-life become much less reliable with smaller sampling times. So if you use something like plutonium, which has a huge half-life, and a sampling time of 1 second, you will get a distribution that is quite random. It would be pretty easy to set up too. All you need is a gas-filled detector in the GM region and some electronics.
Your proposed method would be slightly skewed, as the half-life of the material would give you an "expected" number of events in your sampling period, which would cause the result to lean towards either even or odd. The effect would be small, but present.
I can think of many solutions...
-Use an isotope with a really long half life, like Uranium. The change over the life of the device would be trivial. There are problems, like other atoms becoming radioactive, and isotopes in the decay chain having different half lives, but I think the bias could be kept small, like one bit in millions.
-Constantly recalibrate by keeping a history of the last N decays, where N is large enough to converge on the actual number sufficiently well, but small enough that if the device was captured it will not reveal what numbers you've generated. Adjust your interval accordingly. The calibration may be biased, but the bias itself will be random and changed with each decay.
-Count the time between decays, and generate bits by comparing the length of the intervals. If the second is greater, the random bit is a 1. If it's less, it's a 0. I think you could safely alternate between 0 and 1 on equal times, but don't take my word for it. This method would be the best, but half as fast.
When someone might yell at me, it has to be OpenBSD.
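The two ways of turning decay events into bits discussed in the comments above (parity of the count in a fixed window, and comparison of consecutive intervals), simulated side by side as an added example that is not part of the original thread. The decay rate, window length, timer tick and seed are assumptions, Python's PRNG stands in for a real detector, and equal timer readings are discarded here rather than alternated.

```python
import math
import random

def decay_intervals(rate_hz, n, seed=1):
    # Constructed stand-in for a detector: exponential times between decays.
    rng = random.Random(seed)
    return [rng.expovariate(rate_hz) for _ in range(n)]

def parity_bits(intervals, window_s):
    # Count decays in each fixed window; the bit is the parity of the count.
    bits, t, count, edge = [], 0.0, 0, window_s
    for dt in intervals:
        t += dt
        while t >= edge:          # close every window that ended before this decay
            bits.append(count & 1)
            count, edge = 0, edge + window_s
        count += 1
    return bits

def interval_compare_bits(intervals, tick_s=1e-3):
    # Compare non-overlapping pairs of intervals as a timer with tick_s
    # resolution would see them: 1 if the second is longer, 0 if shorter.
    # Equal readings are discarded here (an assumption of this sketch).
    bits = []
    for a, b in zip(intervals[0::2], intervals[1::2]):
        ta, tb = int(a / tick_s), int(b / tick_s)
        if ta != tb:
            bits.append(1 if tb > ta else 0)
    return bits

def ones_fraction(bits):
    return sum(bits) / len(bits)

def expected_parity_ones(rate_hz, window_s):
    # For a Poisson count with mean m = rate * window, P(odd) = (1 - e^(-2m)) / 2.
    return (1 - math.exp(-2 * rate_hz * window_s)) / 2

def demo(rate_hz=0.5, window_s=1.0, n=200_000):
    iv = decay_intervals(rate_hz, n)
    return (ones_fraction(parity_bits(iv, window_s)),
            expected_parity_ones(rate_hz, window_s),
            ones_fraction(interval_compare_bits(iv)))

if __name__ == "__main__":
    print("parity ones=%.4f expected=%.4f interval-compare ones=%.4f" % demo())
```

Raising `rate_hz * window_s` moves the parity method's fraction of ones toward 0.5, while the interval comparison stays centred regardless of the rate.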
This is really totally unworkable. VIA is trying to manufacture a cheap, cheap chip. Why would they want to mess with integrating radioactive material and detectors into their processor, when a simple overloaded transistor is just as random?? Really! Removing bias is a solved problem. The only place it's very difficult to generate random numbers is in pure software.
The order in which the balls come out of the lotto machine is (afaik) random. However, the sequence 1-2-3-4-5-6 is just as likely to come up as any other. Does that mean it's not random? No.
One of the few accepted truly random physical processes is radioactive decay. It is however completely possible that 4 decay events occur, each exactly 2 seconds apart (for instance) - it doesn't mean our radioactive sample has suddenly broken the laws of physics.
Your arguments are frankly bizarre, as determining randomness on such a small sample size is impossible. As your sample size increases you can examine the statistical distribution of values, and come to an (increasingly certain) conclusion on the probability that the thing generating those values is truly random, but (IMHO) you can never be sure.
---- One button is the power button, the other is the Bender voice button "Bite My Shiny Metal Ass"