LINUX.IE, website of the Irish Linux Users' Group

[ILUG] serious Debian/Ubuntu security hole found


Timothy Murphy gayleard at eircom.net
Fri May 16 00:36:22 IST 2008


On Thursday 15 May 2008 03:24:04 pm Michael Watterson wrote:

> >> My impression is that while random number generation based on quantum
> >> theory sounds a nice idea, in practice a mathematical pseudo-random
> >> number generator is probably much more reliable, and certainly much
> >> simpler.
> >>
> >> By definition, it is impossible to test if a source is random; What
> >> reason do you have to suppose your "Zener approach" (which I didn't
> >> really understand) produces random output?
> >>
> >> I haven't seen any evidence that intelligently designed pseudo-random
> >> number generators have ever caused any problem. Personally, I'd trust
> >> Knuth much more than any DIY device.
>
> Knuth doesn't trust Knuth for SW compared to a real physical random
> generator.

Where does Knuth say this?

> Look up the meaning of pseudo.

I don't think the meaning of "pseudo" is relevant to the discussion,
which was concerned with "pseudo random number generators".
This is a technical term, which cannot be understood by analyzing
the separate words it consists of.

> People keep finding new ways to predict 
> the taps and length of a long shift register with feedback from short
> sequences. (PRNG).
>
> ... entropy of the seed may not be enough ...
>
> Since it is pseudo, it means that given enough history you CAN deduce
> the series.

> Clever mathematics means you need less history. A physical 
> RNG even with infinite history we can never know what the NEXT number
> is. We are unlikely to ever know if Schroedinger's Cat is alive or dead.
> A Computer program is by definition Deterministic, as yet there is no
> evidence that the Universe is, though Einstein found this very
> disturbing arguing "God does not play dice.."

> Given a sufficiently good watchmaker you can make any computer program
> out of clockwork. There is NO mathematical (i.e. computational method)
> method to make a random number, and there never ever will be. There are
> several ways to get one physically that are really random. Thermal noise is
> one of the simplest & cheapest. There is a reason why a tungsten
> filament gives a CONTINUOUS spectrum (white noise = thermal noise).
> The temperature just shifts the distribution curve across the spectrum.
> It's equally random.

This seems very unlikely to me.
In any case, there is by definition no way of knowing if a series is random.

I have no confidence that any of the devices you have described
will provide random numbers, even at the crudest level -
there are all sorts of things that could, and probably would, go wrong -
while I am reasonably sure that the decimals in pi
are equally distributed according to any measure,
as is the output of many other similar mathematical functions.

I was talking to an expert on this subject -
David Epstein, from the University of Warwick -
last week, and he gave as his opinion
that no practical quantum device for producing random numbers
has yet been devised.
(He works with Monte Carlo methods in interpreting medical images,
so would be interested in the topic.)

As a matter of interest, what do _you_ mean by random?
You use the term "white noise" as though it has 
some precise mathematical definition.
I think it is usually used just to mean a noise
in which no pattern can be discerned.

What reason do you have to suppose that the output of photons
from hot tungsten is (in some sense) random?
Just because you don't know something does not mean it is random.








-- 
Timothy Murphy  
e-mail: gayleard /at/ eircom.net
tel: +353-86-2336090, +353-1-2842366
s-mail: School of Mathematics, Trinity College, Dublin 2, Ireland


