Conspiracy theories aside, the evidence points to him being killed when he bailed out of the plane. Some mastermind.
That's what she wants you to think.
Still like that in Europe. You can generally hop on a plane anywhere in a Schengen country and take a flight to any other without showing ID. Home of the free.
And drive across the border without stopping.
>For almost 20 years there have been so many touted "Java Killer" languages that died, and others that are dead-alive, experiencing an NDE. Meanwhile, Java is still there and kicking ...
Old languages that are a problem (in that they are crap, but lots of people are invested in them continuing) can exist in a Wile-E.-Coyote-over-the-cliff state for many decades. Like a black hole, ultimately doomed, but the process of shedding mass is so slow that it's hardly worth waiting for it - just ignore it and stay away if you have things to achieve.
But does lstlisting support your language in LaTeX?
Apache Foundation and Red Hat seem to be the two entities that may have enough momentum to absorb something this big. Eclipse would be nice, but can they grow that much that quickly without hurting their core?
Anyhow, beware of Ellisons bearing gifts.
Not necessary. Just throw it up on GitHub and open an issue torrent.
See here for all the quantum computational complexity classes:
https://complexityzoo.uwaterlo...
Since P != NP is the expected answer, is this news really that exciting? Evidence that P = NP is the one that would actually be exciting, since it would suggest the existence of an unknown algorithm that handles certain problems far more efficiently than the currently known alternatives.
It's good news for crypto. If P != NP, then that means there isn't a polynomial time algorithm for breaking all crypto algorithms.
Dieharder needs on the order of a TB of data to avoid rewinding. BigCrunch is worse.
>it would be great if users could just buy one off-the-shelf and get a reliable TRNG with minimal effort and cost.
Someone should ask ARM why they don't provide one in their CPUs.
Note that the NIST spec says to test with 1 Mebibit/128 KiBytes of data. The tests run in reasonable time with data that size.
I'm working on some better tests that are more reliable and computationally more bounded. We shall see if I succeed.
I've just pushed changes to remove the dependency on scipy. Feel free to pull them.
Implementing the gamma functions is how I prefer to spend my weekends.
I've been rather enjoying the new DLC things in Sniper Elite 4.
Go back and play No Man's Sky? No, I prefer having fun.
That isn't entirely untrue: https://www.youtube.com/watch?...
User testing! Yay!
"ImportError: No module named scipy.special" is Python's way of saying please install scipy. You can do that. I'll throw in my own implementation of the incomplete gamma function to break that library dependence when I work out the equation.
I can't help with your lack of RAM, but how large were the files? Some of the NIST tests increase their memory usage with data size, but NIST specifies data sizes to be used with the tests in SP800-22Rev1a.
My problems with the NIST STS-2.1.2 code are:
A) On bad data (high bias) it will lock up (in the igammac function, hence using scipy's in my code, but it could benefit from using mpfr floats).
B) On good data it finishes but doesn't return a result - no P values, no pass or fail.
C) The parameters in the overlapping template test are wrong.
Nope. That's what a PRNG or DRBG algorithm is. The randomness is defined in terms of computational bounds on prediction.
At the time it was CRI. Rambus purchased CRI after that report was written.
There's a difference, but you can't tell.
The difference becomes relevant in 'quantum secure entropy extractors' which are designed to be secure against 'maximally entangled adversaries', i.e. something that does know the state. With non-determinism in the universe, quantum secure extractors can be built. In a deterministic universe, they cannot.
Yes and no.
All generations since Ivy Bridge that have a CPU RNG are based on metastability, which treats all types of noise equally.
Before that there was an RNG based on using thermal noise to drive a VCO which sampled a fast oscillator. This was used in the chipset, not the CPU. The Linux i810 driver is the driver for this older RNG. RdRand doesn't need a driver because it's just an instruction returning numbers from the RNG.
Academics would tell you to use a MAC function instead of a hash, but you'll still get away with it.
Probably not. Dieharder implements distinguishability tests for PRNG algorithms. For an entropy source you want min-entropy estimation algorithms.
The primary source of these algorithms is the SP800-90B draft spec. Unfortunately they don't work well. I submitted public comment to NIST detailing the failures of the tests against simple cases of biased and correlated data. https://github.com/dj-on-githu....
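To make the distinction in the two comments above concrete, here is an added example (my own code, not the commenter's repository or NIST's reference code) of the SP800-90B "most common value" min-entropy estimate run over two constructed bit streams: one biased, one balanced but perfectly alternating. The alternating stream shows the point about correlated data: a pure frequency estimator reports nearly a full bit per bit for a sequence in which every bit is predictable, and only regrouping the bits into wider symbols exposes it. The sample data is constructed inline; the 2.576 constant is the 99% bound the 90B estimate uses.

```python
import math

Z_99 = 2.576  # 99% upper confidence bound used by the SP800-90B MCV estimate


def most_common_value_min_entropy(symbols) -> float:
    """SP800-90B 'most common value' estimate, in bits per symbol.

    p_hat is the relative frequency of the mode, p_u its 99% upper
    confidence bound, and the estimate is -log2(p_u). This is a pure
    frequency test: it sees how often the commonest symbol occurs and
    nothing about the order in which symbols arrive.
    """
    symbols = list(symbols)
    n = len(symbols)
    if n < 2:
        raise ValueError("need at least two samples")
    counts = {}
    for s in symbols:
        counts[s] = counts.get(s, 0) + 1
    p_hat = max(counts.values()) / n
    p_u = min(1.0, p_hat + Z_99 * math.sqrt(p_hat * (1 - p_hat) / (n - 1)))
    return -math.log2(p_u)


def pack_bits(bits: str, width: int) -> list:
    """Regroup a bit string into non-overlapping width-bit symbols."""
    return [bits[i:i + width] for i in range(0, len(bits) - width + 1, width)]


# Constructed inputs (not captured from any real entropy source):
BIASED = "1" * 900 + "0" * 100   # 90% ones
CORRELATED = "01" * 500          # balanced counts, but every bit is predictable


def per_bit_estimates(bits: str) -> dict:
    """MCV estimate in bits per *bit* at 1-bit and 2-bit symbol widths."""
    return {
        "1-bit symbols": most_common_value_min_entropy(bits),
        "2-bit symbols": most_common_value_min_entropy(pack_bits(bits, 2)) / 2,
    }


if __name__ == "__main__":
    for label, data in (("biased", BIASED), ("correlated", CORRELATED)):
        for width, h in per_bit_estimates(data).items():
            print(f"{label:10s} {width}: {h:.3f} bits/bit")
```

On the biased stream the estimate is low at either width, as it should be. On the alternating stream the 1-bit estimate is close to 0.9 bits/bit while the 2-bit estimate is exactly zero, because every non-overlapping pair is "01". The full 90B suite also contains order-sensitive estimators (Markov and predictor based) precisely because of this blind spot; the example isolates what a frequency-only estimate can and cannot see.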
I'll give Dieharder a try when I get time. I added the results from the NIST tests to the repo in the meantime.
If it passes NIST and Diehard I'd expect it to pass Dieharder, but it's worth checking.
Try it sometime. It will fail Dieharder. Not because it's bad, but because perfect data will fail. The output from dieharder -l tells you that the OPSO, OQSO, DNA and SUMS tests are suspect or bad and indeed they fail often over good data. Also the default confidence limits mean you are likely to hit a suspect or fail regardless of the quality of the data.
The updated SP800-22rev1a tests are ok, but not if you use the NIST STS-2.1.2 software. The coefficients for the overlapping template matching test are simply wrong. You can buy my book to find the details when it's out next year, but for now, I've made a working implementation of the SP800-22 tests available at https://github.com/dj-on-githu... . This is the only implementation with the right coefficients.
There's also a tool to generate data of known quality to calibrate your tests. https://github.com/dj-on-githu...
There's also a re-implementation of ent for computing statistics over random data with better file handling than the original: https://github.com/dj-on-githu...
You're welcome.
>Since there isn't a mathematical definition of random generation
Yes there is. There are several. Here are 4: HILL, Yao, Unpredictability and Information Theoretic entropy:
https://pdfs.semanticscholar.o...
Ohh. Let me try!
Current physical laws have non-determinism built in, because this is what we observe in nature.
However the cause of that non-determinism is not explained. It is an observation. It works very well in describing the world we see.
We could, if we were speculating wildly, envisage every point in the universe at some sub-Planck scale containing a uniquely seeded deterministic RNG that is used to decide the outcome of interactions, and we wouldn't be able to tell the difference.
So it's reasonable to 'believe' we have a non-deterministic universe, because it's what we see, but we don't actually know, and you could equally reasonably choose to 'believe' we live in a deterministic universe because we don't know fundamental laws that would create non-determinism out of determinism, so the non-determinism we see is more likely to be from a complex deterministic process underneath.
Since I've had about a decade where the answer to these questions mattered a lot to me (I work in crypto and mostly in RNGs for crypto) I've landed a lot more firmly in the "we don't know" camp and the "We can't tell the difference" camp.
I expect (given my job makes me quite well prepared to answer) that the output would be statistically non-stationary and so not fit nicely in a binomial or Poisson distribution.
The question that needs answering is "What is the min-entropy of the data from this source".
Another question is "What is the distribution of quality of entropy across a large population of these devices". It seems likely that a large proportion would not work when built due to intrinsic device variation.
The answers might be in the paper, but I've failed to read it yet.
>and the Nevada Gaming Control Board are the arbiters on this matter.
The Nevada Gaming Control Board has an alarmingly weak set of rules for RNGs in gaming machines. It is trivial to make a non-random RNG that meets the spec. It is as follows:
1.400 Random Selection Process and Random Number Generator
1. The random selection process must meet 95 percent confidence limits using a standard chi-squared test for goodness of fit.
2. A gaming device using a software random number generator (RNG) shall:
(a) Not use static seed upon initialization;
(b) Cycle the RNG at a minimum average rate of 100Hz (100 times per second); and
(c) Not draw RNG values for future play.
3. A gaming device using a hardware random number generator shall:
(a) Continually monitor the RNG to ensure compliance with this standard. This shall be done by performing a chi-squared goodness of fit evaluation over the most recent 10,000 random outcomes selected for game play;
(b) Automatically maintain an event log displaying the results of the most recent 10 chi-squared tests to include the result of the test and the date and time the test was performed;
(c) Display a visual indicator of a failure; and
(d) Upon two consecutive failures, enter into a tilt condition.
4. RNGs used for purposes other than determining the game outcome must either:
(a) Be implemented as a separate instantiation of the RNG process; or
(b) Be based on an algorithm or method that can be demonstrated does not affect the game outcome.
5. A game that draws a predetermined set of outcomes for a game, such as a shuffled deck of cards, must prevent the information from being accessible.
6. Additionally, video poker games must not determine replacement cards prior to the player selecting hold cards and initiating a draw.
7. The RNG and random selection process must be impervious to influences from outside the device, including, but not limited to, electro-magnetic interference, electro-static interference, and radio frequency interference.
8. A gaming device must use appropriate communication protocols to protect the random number generator and random selection process from influence by associated equipment or other devices which is conducting data communications with the gaming device.
There are many things wrong with this.
A chi-squared GOF test for randomness is only a bias test. This: 111111111111111110000000000000000000 would pass a chi-squared test.
95% confidence limits? You can be wrong 5% of the time?
Minimal conformance to this: "(b) Cycle the RNG at a minimum average rate of 100Hz (100 times per second);" was used in an active timing attack against a slot machine.
This: "(a) Continually monitor the RNG to ensure compliance with this standard. This shall be done by performing a chi-squared goodness of fit evaluation over the most recent 10,000 random outcomes selected for game play;" is trivial to comply with in a completely non-random system.
This is impossible: "7. The RNG and random selection process must be impervious to influences from outside the device, including, but not limited to, electro-magnetic interference, electro-static interference, and radio frequency interference."
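An added example (my own code, not the commenter's or the Board's) that carries the chi-squared point through in numbers: the bit string quoted above passes a 95% chi-squared goodness-of-fit test because its counts of ones and zeros are nearly equal, and so does a perfectly alternating string. A Wald-Wolfowitz runs test, which looks at the order of the bits rather than their counts, rejects both. Both inputs are constructed inline; the one-degree-of-freedom chi-squared p-value is computed as erfc(sqrt(x/2)) so no scipy is needed.

```python
import math

# Constructed inputs, not output from any real RNG.
LONG_RUNS = "111111111111111110000000000000000000"  # the string quoted in the comment
ALTERNATING = "01" * 18                              # balanced, but trivially predictable


def chi_square_bias_test(bits: str) -> tuple:
    """Chi-squared goodness of fit of the 0/1 counts against a fair coin.

    Returns (chi2 statistic, p-value). With one degree of freedom the
    survival function is exactly erfc(sqrt(chi2/2)). This is the test the
    gaming rule asks for, and it only measures bias.
    """
    n = len(bits)
    ones = bits.count("1")
    zeros = n - ones
    expected = n / 2
    chi2 = (ones - expected) ** 2 / expected + (zeros - expected) ** 2 / expected
    p_value = math.erfc(math.sqrt(chi2 / 2))
    return chi2, p_value


def wald_wolfowitz_runs_test(bits: str) -> tuple:
    """Runs test: compares the number of maximal runs of identical bits with
    the number independent bits at the observed bias would produce.

    Returns (number of runs, two-sided p-value). Too few runs means long
    streaks; too many means alternation. Either way the order is not random.
    """
    n = len(bits)
    n1 = bits.count("1")
    n0 = n - n1
    runs = 1 + sum(1 for a, b in zip(bits, bits[1:]) if a != b)
    if n1 == 0 or n0 == 0:
        return runs, 0.0  # a constant string: reject outright, variance is zero
    mean = 2 * n1 * n0 / n + 1
    var = 2 * n1 * n0 * (2 * n1 * n0 - n) / (n ** 2 * (n - 1))
    z = (runs - mean) / math.sqrt(var)
    p_value = math.erfc(abs(z) / math.sqrt(2))
    return runs, p_value


def passes(p_value: float, alpha: float = 0.05) -> bool:
    """The rule's 95 percent confidence limit: accept when p-value >= 0.05."""
    return p_value >= alpha


if __name__ == "__main__":
    for label, bits in (("long runs", LONG_RUNS), ("alternating", ALTERNATING)):
        chi2, p_chi = chi_square_bias_test(bits)
        runs, p_runs = wald_wolfowitz_runs_test(bits)
        print(f"{label:12s} chi2={chi2:.3f} p={p_chi:.3f} "
              f"{'PASS' if passes(p_chi) else 'FAIL'} | runs={runs} "
              f"p={p_runs:.1e} {'PASS' if passes(p_runs) else 'FAIL'}")
```

Both strings pass the bias test and fail the runs test, which is the gap the comment describes: a goodness-of-fit check over outcome frequencies says nothing about whether the next outcome is predictable from the previous ones.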
v1 is talking about preferring a deterministic RNG vs. a partial entropy source.
A properly engineered RNG for crypto needs non-determinism from an entropy source and needs uniform, full-entropy data by running it through an entropy extractor. The 'algorithmic method' v1 mentions is a PRNG. It's optional and is used to increase performance by generating many outputs for each seed input.