Encryption

Journal JetScootr's Journal: Can Alife fix NIST predictable randoms?

As I understand it, a random number generator, from any one given state, will generate only one sequence of random numbers, the same every time that state is used to seed it. Thus, if one knows the initial state of the entire computer system's random number generation, one knows how to calculate every random number, in order, that the computer will come up with.
For example, if all new PCs used the exact same initial state on first boot, then all PCs would generate the same series of randoms using the same generator.
A recent random-number standard produced by the US government is said to be predictable by anyone who holds a second set of state data. I don't know if it is true; I tend to believe the experts more than the US government.
I don't know if it is even theoretically possible to defeat such a backdoor, but it may be possible to make it less useful.
One idea is to use artificial life to generate seeds. The alife exists in a virtual world with varieties of plants and animals. All evolve and reproduce genetically. Part of their DNA is a seed for use by the OS's random generator.
Combining DNA from two alifes generates a third seed distinct from both parents. Variable timing, events and circumstances in the virtual world cause alife to spawn new seeds, for example by eating or encountering other alife.
The virtual world is constantly producing randoms as alife live, breed, evolve and die. Many thousands are generated between requests from other applications on the same computer.
If the world system is robust enough, the activities (and the seeds) of the alifes become difficult to predict within a very short time.
Of course, this idea could be simplified to just use large sets of data and genetic algorithms to modify them, but what's the fun in that?
The virtual world provides an API for randoms. The API allows an external application to 'check out' one of the alifes. In the client app, all the alife does is generate randoms and, if requested, give the client its most current one. When the client has all the randoms it needs, the alife is checked in or discarded.
The seeds provided to the generator become almost as random as an effective generator itself would be, making backdoor predictions difficult.
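A constructed toy model of the scheme described above, added here as an example and not the journal author's code: each alife carries DNA, breeding hashes two parents' DNA into a child seed, world events change an alife's seed, and a client checks out one alife to draw randoms from a generator seeded with it. The class and function names are assumptions, and Python's random.Random stands in for the OS generator.

```python
import hashlib
import random

# Toy model of the alife-seeding idea (constructed for this example).
# An alife's seed is a hash over its DNA and the events it has experienced,
# so both breeding and world events produce fresh seeds.


class Alife:
    def __init__(self, dna):
        self.dna = dna          # bytes, the "genetic" material
        self.events = []        # what has happened to this alife so far

    def experience(self, event):
        # An event in the virtual world (eating, meeting another alife) alters the seed.
        self.events.append(event)

    def seed(self):
        material = self.dna + b"|" + b"|".join(e.encode() for e in self.events)
        return int.from_bytes(hashlib.sha256(material).digest(), "big")


def breed(a, b):
    # Child DNA is derived from both parents, giving a third seed distinct from either.
    return Alife(hashlib.sha256(a.dna + b.dna).digest())


def world_tick(population, event):
    # One step of the virtual world: every alife experiences the event and each
    # neighbouring pair produces a child, so the pool of available seeds keeps growing.
    for org in population:
        org.experience(event)
    children = [breed(population[i], population[i + 1])
                for i in range(len(population) - 1)]
    return population + children


def checkout_stream(org, n):
    # The API: a client checks out one alife and draws n randoms from a
    # generator seeded with that alife's current seed.
    rng = random.Random(org.seed())
    return [rng.getrandbits(32) for _ in range(n)]


if __name__ == "__main__":
    world = [Alife(b"grass"), Alife(b"rabbit"), Alife(b"fox")]
    world = world_tick(world, "rain")
    print(len(world), checkout_stream(world[-1], 3))
```

The seed is only as unpredictable as the DNA and event history an observer cannot reconstruct, and a generator whose output reveals its internal state stays predictable from its first outputs onward no matter how the seed was produced.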
I don't have sufficient math to prove this would effectively defeat a backdoor in the random generation tool, but I suspect it would be helpful.
Is the backdoor sophisticated enough that this method is pointless?

Any math whizzes out there care to comment on this idea?