Author Topic: Ensuring Cryptographic-Level Randomness (Read 5002 times)

Xalos · May 01, 2013, 12:10:29 AM

Is Blockland's getRandom function cryptographically secure? If not, is there any way to make it cryptographically secure?

Ad Bot · Advertisement

Greek2me · May 01, 2013, 12:29:04 AM

No it's not. I don't really know about the second part, but I highly doubt it.

Port · May 01, 2013, 03:04:47 AM

The only way is to implement your own randomness source.

Ipquarx · May 01, 2013, 06:44:16 PM

It's most certainly not. If you're okay with getting random data from an external source you could use the RANDOM.ORG web api.

Why do you need it to be that secure?

Xalos · May 01, 2013, 09:15:52 PM

Quote from: Ipquarx on May 01, 2013, 06:44:16 PM

Why do you need it to be that secure?

BECAUSE AVATARS ARE SERIOUS BUSINESS.

Ipquarx · May 01, 2013, 11:44:39 PM

Quote from: Xalos on May 01, 2013, 09:15:52 PM

BECAUSE AVATARS ARE SERIOUS BUSINESS.

..?

Lugnut · May 06, 2013, 12:43:57 AM

i would suggest tracking mouse movements and having the user move it randomly

goddamnit, i wanted to make crypto but i dunno how to make an effective bignum library

or you know, (fast crypto) (doesn't suck cryptographically) (on torquestuff)

pick two

now go and prove me wrong - no seriously i want to see this

Xalos · May 06, 2013, 08:23:13 AM

Quote from: Lugnut on May 06, 2013, 12:43:57 AM

or you know, (fast crypto) (doesn't suck cryptographically) (on torquestuff)

pick two

Doesn't suck + on Torquestuff. I don't need it to be fast because I won't be sending large amounts of data using it; I just need it to not be RIDICULOUSLY slow.

MARBLE MAN · May 08, 2013, 12:09:18 AM

are there really no bignum libraries?
you'd think that over the years that someone would have made one :/

Greek2me · May 08, 2013, 01:18:47 AM

Quote from: MARBLE MAN on May 08, 2013, 12:09:18 AM

are there really no bignum libraries?
you'd think that over the years that someone would have made one :/

I think there's several.

edit: Here's a few.
http://scatteredspace.com/forum/index.php?topic=2350.0 (this one looks nice)
http://www.ipquarx.com/Math.cs
http://forum.blockland.us/index.php?topic=175745.msg4549438#msg4549438

Ipquarx · May 08, 2013, 06:46:06 PM

If there are any missing operations in mine, just let me know, I have the rest tucked away somewhere in my blockland folder. Note that mine is meant for integers only though.

And once again xalos, you could just use the random.org web API, you get 200,000 bits of quota every day and since you said you don't need huge amounts, that should be more than enough.

Lugnut · May 09, 2013, 11:52:36 AM

I would suggest whoever uses those should make them "threaded" or something using schedules and breaking the work up into pieces so they don't eat your computer alive or crash blockland because it stops responding.

MARBLE MAN · May 13, 2013, 02:04:16 AM

Quote from: Lugnut on May 09, 2013, 11:52:36 AM

I would suggest whoever uses those should make them "threaded" or something using schedules and breaking the work up into pieces so they don't eat your computer alive or crash blockland because it stops responding.

This,
Recursive methods are scary with large numbers...

Brian Smithers · May 13, 2013, 09:30:00 AM

Port · May 13, 2013, 10:00:31 AM

Quote from: Brian Smithers on May 13, 2013, 09:30:00 AM

This will still repeat at some point and, with the same base seed, will always give the same result. Except no, because it won't work at all.
This isn't Python, ** isn't a valid operator. Secondly, TorqueScript can't handle the magnitude of numbers you're using.
50000⁵⁰⁰⁰⁰ is obviously way above 999999. 234949 digits is a lot more than 6 digits.

Quote from: Brian Smithers on May 13, 2013, 09:30:00 AM

And each time you perform a getRandom(); a new seed is planted (not literally I mean a new seed is set).

I don't see you using setRandomSeed anywhere?