|
|
#41
10-03-2007, 12:36 PM
|
|||
|
|||
Re: Shuffling at sites
i know i left some typos in my msg, but i assure you im not clueless on rngs. my background includes rng and system security work. i dont claim to be an expert, but some 'experts' on this site are anything but.
the main weakness of an rng is in keeping the seed secure. similarly, the weakness of using real world data to seed an rng (or even, an sha-1 hash function) is that the real world data must be kept safe from tampering. For instance, using thermal noise from a sensor to generate randomness falls apart if the location of the sensor is discovered and the ambient temperature can be affected. mess with the air conditioning in the room where that sensor is located, or mess with the cooling or heating in the location and you might influence the thermal noise. there are those that think pointing a web cam at a lava lamp gives true random numbers, or pointing a solar telescope at sunspot activity. google both f those if you dont believe me. all are genuinely truly random, but all are influencable and capable of being affected by outside influence. if you put your mind to modifying the parameters by which they work, you can influence their results and make them much less random than their optimum operation. its theoretically possible (but impractical). much the same as its theoretically possible to predict the outcome of a prng, but extremely impractical and unlikely) the weakness of using 'real world' data to reseed an rng (frequently) is that this is the weakest point in the system and the place most likely to be compromised in the event of a security breach. the prng itself, if continuously cycled, and if the seed is secure, is quite safe and certainly random enough to be used for shuffling cards with complete randomness. to put it in context, its far far more random than a dealer's shuffle in a poker room. and if mapped from the large rng seed down into a shuffled deck of 52 playing cards, it will be practically impossible that anyone outside could discern the sequence of cards to follow. the well known case of a mistaken implementation of ages ago was not a rng issue, but a system implementation issue. any company that has presented their rng for audit by a recognised rng auditor will be properly scrutinised, in both operation and security of the rng as well as the system implementation. im not saying the pokerstars rng is in any way insecure. im sure its as secure as most other poker room's rng's and that people here shouldnt be misled into believing that a prng is insecure and a rng based on hashing of realworld data is somehow more secure. 
|
|
#42
10-03-2007, 12:50 PM
|
|||
|
|||
|
Re: Shuffling at sites
[ QUOTE ]
[ QUOTE ] I may be clueless about software development, but I am an expert in determining breaches in security and procedures, including detemining how perpetrators were enabled. [/ QUOTE ]What you wrote above doesn't really match and makes no sense. You cannot be an expert in determining how breaches in software happened if you are indeed clueless about software development. [/ QUOTE ] Where exactly did they claim to be an expert in software breaches?
|
|
#46
10-03-2007, 01:47 PM
|
|||
|
|||
|
Re: Shuffling at sites
here's some ref material and otherwise fun links on the subjects were discussing..
http://www.robertnz.net/true_rng.html http://www.robertnz.net/hwrng.htm http://www.seifried.org/security/cry...m-numbers.html http://www.hackaday.com/2005/06/05/l...ber-generator/ http://www.pokerstars.com/poker/room/features/security/ incidentally, their page says they mix it with a prng anyway, so this whole argument has been somewhat academic.
|
|
#49
10-03-2007, 01:58 PM
|
|||
|
|||
|
Re: Shuffling at sites
|
|
#50
10-03-2007, 02:00 PM
|
|||
|
|||
|
Re: Shuffling at sites
|
 |
|
|
Linear Mode
