algorithm - Could a truly random number be generated using pings to pseudo-randomly selected IP addresses? -

-

the question posed came during 2nd year comp science lecture while discussing impossibility of generating numbers in deterministic computational device.

this suggestion didn't depend on non-commodity-class hardware.

subsequently nobody put reputation on line argue definitively or against it.

anyone care make stand or against. if so, how mention possible implementation?

i'll put rep on line (at least, 2 points of per downvote).

no.

a malicious machine on network use arp spoofing (or number of other techniques) intercept pings , reply them after periods. not know random numbers are, control them.

of course there's still question of how deterministic local network is, might not easy in practice. since no benefit pinging random ips on internet, might draw entropy ethernet traffic.

drawing entropy devices attached machine well-studied principle, , pros , cons of various kinds of devices , methods of measuring can e.g. stolen implementation of /dev/random.

[edit: general principle, when working in fundamentals of security (and practical needs significant quantities of random data security-related) must assume fantastically well-resourced, determined attacker in power break system.

for practical security, can assume nobody wants pgp key badly, , settle trade-off of security against cost. when inventing algorithms , techniques, need give them strongest security guarantees ever possibly face. since can believe someone, somewhere, might want else's private key badly enough build bit of kit defeat proposal, can't accept advance on current best practice. afaik /dev/random follows close best practice generating random data on cheap home pc]

[another edit: has suggested in comments (1) true of trng physical process influenced, , (2) security concerns don't apply here anyway.

the answer (1) it's possible on realistic hardware better ping response times, , gather more entropy faster, proposal non-solution. in cs terms, can't generate random numbers on deterministic machine, provoked question. in cs terms machine external input stream non-deterministic definition, if we're talking ping aren't talking deterministic machines. makes sense @ real inputs real machines have, , consider them sources of randomness. no matter machine, raw ping times not high on list of sources available, can ruled out before worrying better ones are. assuming network not subverted bigger (and unnecessary) assumption assuming own hardware not subverted.

the answer (2) philosophical. if don't mind random numbers having property can chosen @ whim instead of chance, proposal ok. that's not understand term 'random'. because inconsistent doesn't mean it's random.

finally, address implementation details of proposal requested: assuming accept ping times random, still can't use unprocessed ping times rng output. don't know probability distribution, , aren't uniformly distributed (which people want rng).

so, need decide how many bits of entropy per ping willing rely on. entropy precisely-defined mathematical property of random variable can reasonably considered measure of how 'random' is. in practice, find lower bound you're happy with. hash number of inputs, , convert number of bits of output less or equal total relied-upon entropy of inputs. 'total' doesn't mean sum: if inputs statistically independent sum, unlikely case pings, part of entropy estimate account correlation. sophisticated big sister of hashing operation called 'entropy collector', , oses have one.

if you're using data seed prng, though, , prng can use arbitrarily large seed input, don't have hash because you. still have estimate entropy if want know how 'random' seed value - can use best prng in world, entropy still limited entropy of seed.]


Comments

Post a Comment

Popular posts from this blog

c++ - How do I get a multi line tooltip in MFC -

-
right now, have tool tip pops when hover on edit box. problem tool tip contains multiple error messages , in 1 long line. need have each error message on own line. error messages contained in cstring new line seperating them. my existing code below. bool ontooltiptext(uint, nmhdr* pnmhdr, lresult* presult) { assert(pnmhdr->code == ttn_needtexta || pnmhdr->code == ttn_needtextw); // need handle both ansi , unicode versions of message tooltiptexta* pttta = (tooltiptexta*)pnmhdr; tooltiptextw* ptttw = (tooltiptextw*)pnmhdr; // tchar szfulltext[256]; cstring strtiptext=_t(""); uint nid = pnmhdr->idfrom; if (pnmhdr->code == ttn_needtexta && (pttta->uflags & ttf_idishwnd) || pnmhdr->code == ttn_needtextw && (ptttw->uflags & ttf_idishwnd)) { // idfrom hwnd of tool nid = ::getdlgctrlid((hwnd)nid); } //m_errprojaccel[ch] contains 1 or more error messages each...
Read more

asp.net - In javascript how to find the height and width -

-
i having .aspx , masterpage page. in masterpage loading aspx page . in aspx page design using generating table structure using code-behind server in javascript how find height , width . regards, kumar if you're looking table height , width, should it var tbl = document.getelementbyid('tbldemo'); alert(tbl.offsetwidth + '\n' + tbl.offsetheight);
Read more

c# - DataTable to EnumerableRowCollection -

-
i have datatable according client requirement can contain invalid date "00/00/1999",null,empty string.(typed datset) when collect them enumerables wish convert of invalid forms empty string. (i.e) enumerablerowcollection<datarow> query = order in _table.asenumerable() select new { orderdate= string.isnullorempty(convert.tostring(order.field<datetime>("orderdate")) || (how check date invalid date) ? string.empty : order.field<datetime>("orderdate") } how check whether date valid date or not? datetime.tryparse...like given current code: datetime date; enumerablerowcollection<datarow> query = order in _table.asenumerable() select new { orderdate= string.isnullorempty(convert.tostring(order.field<datetime>("orderdate")) || !datetime.tryparse(convert.tostring(order.field<datetime...
Read more