LINUX.IE, website of the Irish Linux Users' Group
Tux rules!

   
Home
New Users
Articles
Download
Projects
Community
Vendors

  Print Version
Email to...
 
Archives:


planetILUG

Recent News

News Archive


Join the
ILUG
on FaceBook


Join the
ILUG
on LinkedIn


Join the
ILUG SETI
Group



















 
 :: Mailing Lists

[ILUG] serious Debian/Ubuntu security hole found

[ILUG] serious Debian/Ubuntu security hole found

paul at clubi.ie paul at clubi.ie
Fri May 16 10:54:31 IST 2008 

On Fri, 16 May 2008, Timothy Murphy wrote:

> Because we know far more about mathematical functions than we do 
> about the physical processes you are talking about.

We do?

I can understand the behaviour of the mathematical function is easier 
to examine and reason about, yes - it requires little in the way of 
equipment (except perhaps a computer).

> Take the time distribution of emissions from radioactive material,
> which is often taken as a model of a random process.

If they're not random processes, then they are systems so complex as 
to be far beyond our capacity to model them (for the foreseeable 
future at least), is my understanding. I.e. they're still far better 
PRNGs than our mathematical ones (at heart).

> There are any number of reasons why this might not in fact be 
> random, eg the measuring apparatus might be defective, there may be 
> cosmic ray emissions from a completely different source, the rate 
> of emission may not be independent of the temperature, the 
> direction of the magnetic field may affect the result, etc, etc.

These sound like factors that would affect the intensity and 
direction of the radiation*. That's not where the entropy lies 
though, so that's not what you'd try measure - the variation in the 
measure of your radiation is what you want.

There are engineering challenges, sure. It just seems to me that 
those are easier to address than coming up with a good function to 
make a PRNG.

Anyway.. interesting ;)

* excluding the possibility of some nasty attacker shooting
   sub-atomic particles at you with per-particle control - which I'm
   not sure is feasible, but even if it is, it only affects the use of
   the RNG for cryptographic purposes.

regards,
-- 
Paul Jakma	paul at clubi.ie	paul at jakma.org	Key ID: 64A2FF6A
Fortune:
Those who cannot remember the past are condemned to repeat it.
 		-- George Santayana

More information about the ILUG mailing list
Read this without the formatting.
                                                                                                    

  

Hosted by HEAnet


 Maintained by the ILUG website team. The aim of Linux.ie is to support and help commercial and private users of Linux in Ireland. You can display ILUG news in your own webpages, read backend information to find out how. Networking services kindly provided by HEAnet, server kindly donated by Dell. Linux is a trademark of Linus Torvalds, used with permission. No penguins were harmed in the production or maintenance of this highly praised website. Looking for the Indian Linux Users' Group? Try here. If you've read all this and aren't a lawyer: you should be!
RSS Version
Powered by Dell