tag:blogger.com,1999:blog-37798047.post891557031357893454..comments2021-03-01T22:11:52.103-05:00Comments on Errata Security: A question for crypto/math peoplesDavid Maynorhttp://www.blogger.com/profile/09921229607193067441noreply@blogger.comBlogger8125tag:blogger.com,1999:blog-37798047.post-22557685457605726102012-10-30T03:46:41.997-04:002012-10-30T03:46:41.997-04:00The developer preferred that I did not release the...The developer preferred that I did not release the name of the software <a href="http://www.kualitatem.com/security-testing/" rel="nofollow">Security Testing</a>. However, he has reassured me that most of the items have since been fixed which is great. We've spoken, and i've decided to do another round of testing in the next release, which will involve looking at the vulnerabilities already identified, and a new round of testing, hopefully covering more advanced vulnerabilities.Anonymoushttps://www.blogger.com/profile/06736819142095843941noreply@blogger.comtag:blogger.com,1999:blog-37798047.post-13639875577965252672012-10-29T08:45:58.036-04:002012-10-29T08:45:58.036-04:00http://en.wikipedia.org/wiki/Linear_feedback_shift...http://en.wikipedia.org/wiki/Linear_feedback_shift_registerAnonymousnoreply@blogger.comtag:blogger.com,1999:blog-37798047.post-65073239559402320742012-10-27T08:47:03.408-04:002012-10-27T08:47:03.408-04:00"So, what's are some good tests of random..."So, what's are some good tests of randomness I can apply"<br /><br />(Preudo-)randomness is a statistical property stating things that <i>on average</i> one tenth of the numbers in any block ends on a 1 (in decimal notation), etc. etc. It does not mean that in any block of length ten, exactly one number ends on a 1.<br /><br />It's easy to confuse randomness with "evenly spread out in a non-obvious way". If, for instance, you'd ask people to order numbers "in a random way", they're more likely to do the latter.<br /><br />I'm not sure if for what you intend to do, it matters whether it's really random or just evenly spread out. The final paragraph of your update suggests the latter is what you're really interested in. I guess looking at the numbers it generates and making sure there isn't an obvious (and, most importantly, predictable) pattern.<br /><br />Btw, when you choose 993319 and 193939, aren't you computing mod 256? So is there a reason why you don't choose 39 and 147 (which are these respective numbers mod 256) in the first place?martijnhttps://www.blogger.com/profile/03463307000398178175noreply@blogger.comtag:blogger.com,1999:blog-37798047.post-65519317764105697112012-10-26T16:59:52.599-04:002012-10-26T16:59:52.599-04:00Ah, forget all I said, I misread your definition o...Ah, forget all I said, I misread your definition of translate32 - I totally missed the LGN bit. Sorry.<br /><br />Jess has the right answer.martijnhttps://www.blogger.com/profile/03463307000398178175noreply@blogger.comtag:blogger.com,1999:blog-37798047.post-31515871048400575752012-10-26T16:55:37.279-04:002012-10-26T16:55:37.279-04:00Sorry, when I say "divides 2^32+1" I mea...Sorry, when I say "divides 2^32+1" I mean it divides that number MODULO 2^32. In other words, it has a (multiplicative) inverse modulo 32.<br /><br />And ^ means to the power of.martijnhttps://www.blogger.com/profile/03463307000398178175noreply@blogger.comtag:blogger.com,1999:blog-37798047.post-29067781990701943872012-10-26T16:54:38.306-04:002012-10-26T16:54:38.306-04:00Citing Knuth, wikipedia has that an LCG defined:
...Citing Knuth, wikipedia has that an LCG defined:<br /><br />x_n+1 = a * x_n + c (mod m)<br /><br />has a full period when c != 0 iff:<br /><br /> c and m relatively prime<br /> a - 1 divisible by all prime factors of m<br /> a - 1 divisible by 4 if m divisible by 4<br /><br />It seems pretty easy to generate parameters with these properties. It would be harder to generate nice-looking parameters, but I don't think you need crypto-strength randomness for this application.Jesshttps://www.blogger.com/profile/14724970369226999619noreply@blogger.comtag:blogger.com,1999:blog-37798047.post-60391376894961224682012-10-26T16:54:12.944-04:002012-10-26T16:54:12.944-04:00I'm not sure if Fisher-Yates shuffling would w...I'm not sure if Fisher-Yates shuffling would work if you have roughly 32 trillion numbers - that's how many 48-bit numbers there are.<br /><br />It works for 8 bit of course.<br /><br />In your example with 214013 and 2531011, isn't the only property of 214013 you need that it divides 2^32+1, in other words there is a number z such that z*214013 equals 1 mod 2^32?<br /><br />In that case *any* odd number would have worked, and for 2531011 you could have taken any number.<br /><br />It is all very non-random really, but I guess all you need is for it to be opaque enough so that it appears random to anyone seeing the numbers. By choosing the odd number fairly large this criterion is fulfilled.martijnhttps://www.blogger.com/profile/03463307000398178175noreply@blogger.comtag:blogger.com,1999:blog-37798047.post-88943204320022102692012-10-26T16:46:45.638-04:002012-10-26T16:46:45.638-04:00Check out card-shuffling algorithms, such as Fishe...Check out card-shuffling algorithms, such as Fisher-Yates shuffle http://en.wikipedia.org/wiki/Fisher%E2%80%93Yates_shuffle. In this case you have a deck of 256 cards (or port numbers) which you want to shuffle to a different order.Andrew Yeomansnoreply@blogger.com