jonald_fyookball
Legendary
 Offline
Activity: 1302
Merit: 1004
Core dev leaves me neg feedback #abuse #political
|
 |
April 08, 2014, 02:52:56 AM |
|
Sounds like a fun project. Very cool. But why do you need to prove randomness?
It is unlikely to provide any business advantage in my opinion.
Security. If your private key ain't truly random. I may be able to guess it and steal your bitcoins. Lol. No way you're going to steal my coins based on an "only" pseudo random key. Anyway, not trying to rain on the parade here, carry on!  |
|
|
|
|
|
|
|
|
|
|
Once a transaction has 6 confirmations, it is extremely unlikely that an attacker without at least 50% of the network's computation power would be able to reverse it.
|
|
|
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
|
|
|
|
|
jonald_fyookball
Legendary
Offline
Activity: 1302
Merit: 1004
Core dev leaves me neg feedback #abuse #political
|
|
April 08, 2014, 03:16:50 AM |
|
Lol. No way you're going to steal my coins based on an "only" pseudo random key. Anyway, not trying to rain on the parade here, carry on! I think you miss the point. If a PRNG is secure then you have no problems. Are you SURE your PRNG implementation is secure? Coins have be stolen in the past due to flawed PRNG implementations. Now it is unknown if it was just a flaw or an intentional weakness (put there by 3 letter agencies which know they can break unbreakable ciphers when they rely on weak random numbers). Still it doesn't matter the coins were stolen just the same. This isn't a commercial project just something I want to do as a hobby and I will make the hardware and software open source. Hopefully it leads to other open and transparent designs. Sure... All I was saying is that making a PROVABLY unflawed rng isn't going to substantially help customer acquisition for reasons I won't bore you with... Just making a business comment, hope you don't mind! |
|
|
|
|
grifferz
|
|
April 08, 2014, 03:21:24 AM |
|
Have you seen the Simtec Entropykey? http://www.entropykey.co.uk/I have a couple that I use for making sure that virtual machines have enough entropy. They appear to work really well. Sadly I have heard people have been having lots of problems ordering from Simtec recently. |
|
|
|
|
DeathAndTaxes (OP)
Donator
Legendary
Offline
Activity: 1218
Merit: 1079
Gerald Davis
|
|
April 08, 2014, 03:25:53 AM |
|
Sure... All I was saying is that making a PROVABLY unflawed rng isn't going to substantially help customer acquisition for reasons I won't bore you with... What does acquiring customers have to do with this thread? |
|
|
|
|
DeathAndTaxes (OP)
Donator
Legendary
Offline
Activity: 1218
Merit: 1079
Gerald Davis
|
|
April 08, 2014, 03:26:57 AM
Last edit: April 08, 2014, 03:47:00 AM by DeathAndTaxes |
|
Have you seen the Simtec Entropykey? http://www.entropykey.co.uk/I have a couple that I use for making sure that virtual machines have enough entropy. They appear to work really well. Sadly I have heard people have been having lots of problems ordering from Simtec recently. I own one of their keys. It does seem difficult to order more at the current time for some reason (maybe creator moved on to other projects). However the simtec is a black box. I am interested in an open source implementation. |
|
|
|
|
jonald_fyookball
Legendary
Offline
Activity: 1302
Merit: 1004
Core dev leaves me neg feedback #abuse #political
|
|
April 08, 2014, 03:31:37 AM |
|
Sure... All I was saying is that making a PROVABLY unflawed rng isn't going to substantially help customer acquisition for reasons I won't bore you with... What does acquiring customers have to do with this thread? Thought you were developing it for some business purpose initially. Btw, why do we need hardware , isn't there enough entropy on the internet that we can access? |
|
|
|
SgtSpike
Legendary
Offline
Activity: 1400
Merit: 1005
|
|
April 08, 2014, 03:34:21 AM |
|
Sure... All I was saying is that making a PROVABLY unflawed rng isn't going to substantially help customer acquisition for reasons I won't bore you with... What does acquiring customers have to do with this thread? Thought you were developing it for some business purpose initially. Btw, why do we need hardware , isn't there enough entropy on the internet that we can access? It's public entropy, so if anyone knows what you are using, they can generate the same "random" numbers. A true RNG would mean no one could reproduce the results. |
|
|
|
|
jonald_fyookball
Legendary
Offline
Activity: 1302
Merit: 1004
Core dev leaves me neg feedback #abuse #political
|
|
April 08, 2014, 03:42:23 AM |
|
Sure... All I was saying is that making a PROVABLY unflawed rng isn't going to substantially help customer acquisition for reasons I won't bore you with... What does acquiring customers have to do with this thread? Thought you were developing it for some business purpose initially. Btw, why do we need hardware , isn't there enough entropy on the internet that we can access? It's public entropy, so if anyone knows what you are using, they can generate the same "random" numbers. A true RNG would mean no one could reproduce the results. It could be combined with the entropy of the exact time a random number request was made, along with additional pseudo random number from the server, hash the result, grab some random parameters from that, go get some random feed from online that is also changing in real time, hash that, and you have a pretty doggone random number that no one could arrive at even if they had your source code. |
|
|
|
DannyHamilton
Legendary
 Online
Activity: 3388
Merit: 4622
|
|
April 08, 2014, 03:44:24 AM |
|
It could be combined with the entropy of the exact time a random number request was made, along with additional pseudo random number from the server, hash the result, grab some random parameters from that, go get some random feed from online that is also changing in real time, hash that, and you have a pretty doggone random number that no one could arrive at even if they had your source code.
That sounds awful complex. Wouldn't a simple piece of open source software and some easy to acquire hardware be a simpler and more reliable solution? |
|
|
|
|
|
grifferz
|
|
April 08, 2014, 03:46:58 AM |
|
There is certainly a market for something like the entropykey, though it may be small. Open hardware schematics that third parties can make and sell would be great.
|
|
|
|
|
jonald_fyookball
Legendary
Offline
Activity: 1302
Merit: 1004
Core dev leaves me neg feedback #abuse #political
|
|
April 08, 2014, 03:48:00 AM |
|
It could be combined with the entropy of the exact time a random number request was made, along with additional pseudo random number from the server, hash the result, grab some random parameters from that, go get some random feed from online that is also changing in real time, hash that, and you have a pretty doggone random number that no one could arrive at even if they had your source code.
That sounds awful complex. Wouldn't a simple piece of open source software and some easy to acquire hardware be a simpler and more reliable solution? Depends on the application. Generally, I'd rather use a code library than worry about hardware. |
|
|
|
DannyHamilton
Legendary
Online
Activity: 3388
Merit: 4622
|
|
April 08, 2014, 04:22:14 AM |
|
That sounds awful complex. Wouldn't a simple piece of open source software and some easy to acquire hardware be a simpler and more reliable solution?
Depends on the application. Generally, I'd rather use a code library than worry about hardware. That doesn't sound like it would satisfy the desired result: Proving a PRNG is secure is a very difficult task and is impossible when the operating system is not built from source. Quantum mechanics are non-deterministic and thus provide an alternative method of generating randomness.
|
|
|
|
|
jonald_fyookball
Legendary
Offline
Activity: 1302
Merit: 1004
Core dev leaves me neg feedback #abuse #political
|
|
April 08, 2014, 04:27:36 AM |
|
That sounds awful complex. Wouldn't a simple piece of open source software and some easy to acquire hardware be a simpler and more reliable solution?
Depends on the application. Generally, I'd rather use a code library than worry about hardware. That doesn't sound like it would satisfy the desired result: Proving a PRNG is secure is a very difficult task and is impossible when the operating system is not built from source. Quantum mechanics are non-deterministic and thus provide an alternative method of generating randomness.
Perhaps. Don't want to get into a long debate, just suggesting there is a lot of real time entropy available through the web as well. Cheers. |
|
|
|
SgtSpike
Legendary
Offline
Activity: 1400
Merit: 1005
|
|
April 08, 2014, 04:45:29 AM |
|
Sure... All I was saying is that making a PROVABLY unflawed rng isn't going to substantially help customer acquisition for reasons I won't bore you with... What does acquiring customers have to do with this thread? Thought you were developing it for some business purpose initially. Btw, why do we need hardware , isn't there enough entropy on the internet that we can access? It's public entropy, so if anyone knows what you are using, they can generate the same "random" numbers. A true RNG would mean no one could reproduce the results. It could be combined with the entropy of the exact time a random number request was made, along with additional pseudo random number from the server, hash the result, grab some random parameters from that, go get some random feed from online that is also changing in real time, hash that, and you have a pretty doggone random number that no one could arrive at even if they had your source code. I disagree. If someone had your source code, they could track all those sources you talk about, and the only thing they'd need to speculate on is the exact time a random number request was made. If you're going to claim that is random enough, then just use the exact time request by itself - everything else adds no additional randomness to someone who has your source code. |
|
|
|
|
Soros Shorts
Donator
Legendary
Offline
Activity: 1617
Merit: 1011
|
|
April 08, 2014, 05:24:16 AM |
|
Does this provide more entropy than something more common and practical, like the camera on your phone? I would imagine that if you hashed a 24-bit 10 megapixel random image you'd get a random number with pretty good entropy. After all, each pixel can be considered as an independent photon counter.
|
|
|
|
|
|
|
sickpig
Legendary
Offline
Activity: 1260
Merit: 1008
|
|
April 08, 2014, 06:16:17 AM
Last edit: April 08, 2014, 12:48:04 PM by sickpig |
|
Thanks for the links. Very useful. And more to the point it seems to validate D&T approach. They are only using a different source of quantum entropy. D&T model seems easier to be developed on a large scale, though. |
Bitcoin is a participatory system which ought to respect the right of self determinism of all of its users - Gregory Maxwell.
|
|
|
DeathAndTaxes (OP)
Donator
Legendary
Offline
Activity: 1218
Merit: 1079
Gerald Davis
|
|
April 08, 2014, 06:26:24 AM |
|
Well to be clear this isn't "my" approach, just the one I am planning to use.  I don't want people to incorrectly give credit where no credit is due. Fourmilabs in switzerland has been providing true random numbers over the internet produced from observing radioactive decay for the better part of a decay. The interesting thing is that micro controllers have gotten fast and cheap enough combined with a lot of open source hardware information at there that it becomes economical for a hobbyist to build their own "hotbits" device at home. |
|
|
|
|
zureman90
Newbie
Offline
Activity: 14
Merit: 0
|
|
April 08, 2014, 07:10:11 AM |
|
May I ask - what are you planning on using the RNG for? Because if it's for applications like generating passwords - it might not be that useful. If there are already quantumcomputers powerful enough to predict the movement of E.Coli..they will surely enough be powerful enough to just bruteforce the passwords.
|
|
|
|
|
|
