[Newbies] Re: Tim's Fix for LargeIntger>>AtRandom was: [Newbies] Re: What's wrong with this statement?
***
Cerebus cerebus2 at gmail.com Tue Aug 5 00:31:42 UTC 2008
Interestingly, UUIDGenerator creates 16 bytes of random using Random one bit at a time.
I suspect there are entropy issues all through the image.
UUIDGenerator uses its own generator. It reRandomizes its seed after going through 100,000 bits. So it won't run out.
Currently, for atRandom we use the community shared generator.
In any event it is not the main deal. The problem was LargeInt was not using enough random bits. That was a critical bug because you weren't getting what you thought you were to get, one of n equally random numbers.
The objection Randal raised is that now it is using too many. That's IMO a red herring. There are always ways of generating more random bits. It's not directly part of this problem. If need be, it could be solved similarly to the way UUIDGenerator solves it.
Partial progress counts, and Squeak is made for incremental programming.
When you get a fix you like post it to the mantis report and I'll look at it.
Yours in curiosity and service, --Jerome Peace
<snipped see earlier posts in thread>
***
"Jerome" == Jerome Peace peace_the_dreamer@yahoo.com writes:
Jerome> The objection Randal raised is that now it is using too many.
Jerome> That's IMO a red herring.
No, it's not. Multiple calls to a PRNG generate correlated numbers, which can be used for an attack.
You need to use a PRNG that in a single call gives enough bits. And if you don't know that about PRNGs, you're not the one to be fixing this.
I talked about it in terms of entropy because that's the easiest way to see that you're not gaining anything except the illusion of gain, which will bite back some day. You can't get 112 bits of entropy by calling a 56-bit PRNG twice.
It's not progress if it breaks it.
The Cryptography Team implemented a completely different generator, but I can't get the packages to load in 3.10.2 to look at in detail, and it's been a couple of years since I last dinked around with it.
-- T
On Tue, Aug 5, 2008 at 5:18 PM, Randal L. Schwartz merlyn@stonehenge.com wrote:
> "Jerome" == Jerome Peace peace_the_dreamer@yahoo.com writes:
>
> Jerome> The objection Randal raised is that now it is using too many.
> Jerome> That's IMO a red herring.
>
> No, it's not. Multiple calls to a PRNG generate correlated numbers, which can be used for an attack.
>
> You need to use a PRNG that in a single call gives enough bits. And if you don't know that about PRNGs, you're not the one to be fixing this.
>
> I talked about it in terms of entropy because that's the easiest way to see that you're not gaining anything except the illusion of gain, which will bite back some day. You can't get 112 bits of entropy by calling a 56-bit PRNG twice.
>
> It's not progress if it breaks it.
>
> --
> Randal L. Schwartz - Stonehenge Consulting Services, Inc. - +1 503 777 0095
> merlyn@stonehenge.com URL:http://www.stonehenge.com/merlyn/
> Smalltalk/Perl/Unix consulting, Technical writing, Comedy, etc. etc.
> See http://methodsandmessages.vox.com/ for Smalltalk and Seaside discussion
> _______________________________________________
> Beginners mailing list
> Beginners@lists.squeakfoundation.org
> http://lists.squeakfoundation.org/mailman/listinfo/beginners
Hi Randal,
I drafted two replies to this and didn't feel comfortable enough with either of them to post.
I suspect you are right in what you say.
I am doing some experiments to find out.
So what do you suggest to solve the problem?
More to my interest, what do you suggest as a test to prove the problem is solved to your satisfaction. What is a good or at least reasonable way to test the randomness of larger positive integers?
I want to emphasize that my coding is just for m
(Learning from my own mistakes is the only sure way to get past my stubborn part.)
Basically, I believe you might be right on the PRNG stuff.
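As an added illustration of the entropy point Randal makes above, and as one concrete answer to Jerome's question about how to test whether a large "random" integer really is one: the following is example Python written for this page, not Squeak code and not the Random or LargeInteger classes from the image. It uses a constructed 16-bit linear congruential generator (parameters chosen for the demonstration, not Squeak's) as a stand-in for any PRNG whose whole internal state is small. Concatenating its outputs produces 32- or 64-bit integers, but every such integer is a function of the 16-bit seed, so at most 2^16 distinct values can ever come out. The same arithmetic is why calling a 56-bit generator twice yields at most 2^56 of the 2^112 possible values. The diagnostic used here (enumerate the seed space and count distinct results) is a test a practitioner can run against any small-state generator; the contrast case draws from the operating system's CSPRNG via Python's `secrets` module.

```python
"""Added example (Python, not Squeak): why calling a small-state PRNG
several times cannot manufacture a large random integer.

Constructed toy: a 16-bit LCG stands in for any generator whose whole
internal state is small.  Concatenating its outputs yields a 32- or 64-bit
number, but that number is a pure function of the 16-bit seed, so at most
2^16 distinct values are reachable: 16 bits of entropy, never 32 or 64.
"""
import secrets
from math import log2

STATE_BITS = 16
MASK = (1 << STATE_BITS) - 1


class TinyLcg:
    """Constructed 16-bit linear congruential generator.

    a=25173, c=13849, m=2^16 satisfy the Hull-Dobell conditions, so the
    state visits all 65536 values before repeating (checked by lcg_period).
    The parameters are chosen for this demonstration only; they are not
    Squeak's Random parameters.
    """

    def __init__(self, seed: int) -> None:
        self.state = seed & MASK

    def next_bits(self) -> int:
        """Advance and return the full 16-bit state (one 'call to the PRNG')."""
        self.state = (self.state * 25173 + 13849) & MASK
        return self.state


def lcg_period(seed: int = 0) -> int:
    """Number of steps until the generator's state first returns to `seed`."""
    gen = TinyLcg(seed)
    steps = 0
    while True:
        gen.next_bits()
        steps += 1
        if gen.state == (seed & MASK):
            return steps


def concat_random(gen: TinyLcg, nbits: int) -> int:
    """The construction under discussion: build an nbits-wide integer by
    concatenating successive generator outputs, i.e. calling a w-bit PRNG
    ceil(nbits / w) times."""
    value = 0
    calls = (nbits + STATE_BITS - 1) // STATE_BITS
    for _ in range(calls):
        value = (value << STATE_BITS) | gen.next_bits()
    return value & ((1 << nbits) - 1)


def count_distinct_concat(nbits: int) -> int:
    """Diagnostic: enumerate every seed and count the distinct nbits-wide
    results concat_random can ever produce.  A genuine nbits-bit source can
    reach 2^nbits values; a seed-bounded one reaches at most 2^STATE_BITS."""
    seen = set()
    for seed in range(1 << STATE_BITS):
        seen.add(concat_random(TinyLcg(seed), nbits))
    return len(seen)


def effective_entropy_bits(distinct_outputs: int) -> float:
    """Upper bound on entropy: log2 of the number of reachable outputs."""
    return log2(distinct_outputs)


def count_distinct_csprng(nbits: int, draws: int) -> int:
    """Same diagnostic against the OS CSPRNG (secrets.randbits).  With 64-bit
    draws and a few thousand samples a collision is astronomically unlikely,
    so every draw is expected to be distinct."""
    return len({secrets.randbits(nbits) for _ in range(draws)})


if __name__ == "__main__":
    print(f"LCG period: {lcg_period()} (full 2^{STATE_BITS})")
    for nbits in (16, 32, 64):
        d = count_distinct_concat(nbits)
        print(f"{nbits}-bit values reachable by concatenation: {d} "
              f"= 2^{effective_entropy_bits(d):.0f}, requested 2^{nbits}")
    draws = 1 << 12
    print(f"secrets.randbits(64): {count_distinct_csprng(64, draws)}/{draws} distinct")
```

Run it directly and the counts show 65536 reachable values whether 16, 32 or 64 bits were requested. Exhaustive seed enumeration is only feasible for a toy state size; for a real generator the same argument is made from its state size, which is the figure to check before trusting any construction that stitches outputs together.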
--- On Tue, 8/5/08, Randal L. Schwartz merlyn@stonehenge.com wrote:
> From: Randal L. Schwartz merlyn@stonehenge.com
> Subject: Re: [Newbies] Re: Tim's Fix for LargeIntger>>AtRandom
> To: "Jerome Peace" peace_the_dreamer@yahoo.com
> Cc: beginners@lists.squeakfoundation.org
> Date: Tuesday, August 5, 2008, 6:18 PM
>
> "Jerome" == Jerome Peace peace_the_dreamer@yahoo.com writes:
>
> Jerome> The objection Randal raised is that now it is using too many.
> Jerome> That's IMO a red herring.
>
> No, it's not. Multiple calls to a PRNG generate correlated numbers, which can be used for an attack.
>
> You need to use a PRNG that in a single call gives enough bits. And if you don't know that about PRNGs, you're not the one to be fixing this.

I have not set out to. Tim should be able to succeed. My purpose is to encourage him to contribute.
I am interested in writing tests that can show whether a particular solution is working sufficiently or not.

> I talked about it in terms of entropy because that's the easiest way to see that you're not gaining anything except the illusion of gain, which will bite back some day. You can't get 112 bits of entropy by calling a 56-bit PRNG twice.
>
> It's not progress if it breaks it.

It was for the Gossamer Condor.
More to the issue. Help design a test to prove if it's broken or not.
With respect,
Yours in curiosity and service, --Jerome Peace
"Jerome" == Jerome Peace peace_the_dreamer@yahoo.com writes:
Jerome> So what do you suggest to solve the problem?
Use the code from the Crypto team. If you want that included in the core, make sure it has an MIT license, and submit it as a bug/change-request.