Discussion:
Fake random numbers? Bad programmers?
(too old to reply)
Mr. Man-wai Chang
2016-12-11 12:56:13 UTC
Permalink
How to determine whether a random number generator is fake?

How to determine whether a random number generator is cheating?

How do you catch bad programming, algorithm designers and
mathematicians? Use MP3 and JPEG encoding as examples, which involves
something called Fourier Transform! :)
Osmium
2016-12-11 14:48:53 UTC
Permalink
Post by Mr. Man-wai Chang
How to determine whether a random number generator is fake?
How to determine whether a random number generator is cheating?
Put a query such as < validate prng> into google
Mr. Man-wai Chang
2016-12-11 16:00:31 UTC
Permalink
Post by Osmium
Put a query such as < validate prng> into google
Ha ha ha... who generated content for defined "validate prng"?

Why should we trust it, Your Honor? Expert??? ha ha ha ... :)
K Wills (Shill #3)
2016-12-11 22:42:57 UTC
Permalink
On Mon, 12 Dec 2016 00:00:31 +0800, "Mr. Man-wai Chang"
Post by Mr. Man-wai Chang
Post by Osmium
Put a query such as < validate prng> into google
Ha ha ha... who generated content for defined "validate prng"?
Why should we trust it, Your Honor? Expert??? ha ha ha ... :)
Make your own, if you don't trust what others have made
available.
With your paranoia, why do you even use computers?
--
Shill #3.
Strategic Writer, Psychotronic World Dominator and FEMA camp
counselor.
Loading Image...
All hail the taco! http://www.taconati.org/
Mr. Man-wai Chang
2016-12-12 14:11:27 UTC
Permalink
Post by K Wills (Shill #3)
Post by Mr. Man-wai Chang
Ha ha ha... who generated content for defined "validate prng"?
Why should we trust it, Your Honor? Expert??? ha ha ha ... :)
Make your own, if you don't trust what others have made
available.
With your paranoia, why do you even use computers?
If someone was extremely paranoia, he/she/it would NOT trust anything
sensed. Basically, he/she/it was dead like a ghost.

But I can still look at the Sun, the Moon and the stars. :)
FromTheRafters
2016-12-12 15:00:33 UTC
Permalink
Post by K Wills (Shill #3)
Post by Mr. Man-wai Chang
Ha ha ha... who generated content for defined "validate prng"?
Why should we trust it, Your Honor? Expert??? ha ha ha ... :)
Make your own, if you don't trust what others have made
available.
With your paranoia, why do you even use computers?
If someone was extremely paranoia, he/she/it would NOT trust anything sensed.
Basically, he/she/it was dead like a ghost.
But I can still look at the Sun, the Moon and the stars. :)
RNG is not the same as PRNG and PRNG is not the same as CSPRNG. There
are cryptographic 'distinguishers' which can help to distinguish
between randomness and a covered plaintext, but you would have to trust
that it works as advertised.

Basically, you have to trust somebody. Whether the random source is
thermal noise or minute differences in the timing of somewhat regular
natural events you might need a physicist to determine that no innate
bias exists.

Then you probably need a mathematician to check out the math involved
in converting and using that source's output to pick from a set of
numbers. There is no such thing as a random number, only numbers
selected from a set of numbers by a random process, that is 'a randomly
chosen' number.

Then you need a coder/programmer to check out the particular
implementation of that mathematical process to ensure that no bias or
other kind of error is introduced by the implementation process itself.

If you are that kind of polymath, then maybe you can do this all by
yourself, but that is very unlikely. Can you trust yourself to do this
kind of evaluation, even if you are an expert in all of these
disciplines? You might miss something, nobody's perfect, you may need a
team -- which again means trusting someone.
Mr. Man-wai Chang
2016-12-12 15:03:41 UTC
Permalink
Post by FromTheRafters
If you are that kind of polymath, then maybe you can do this all by
yourself, but that is very unlikely. Can you trust yourself to do this
kind of evaluation, even if you are an expert in all of these
disciplines? You might miss something, nobody's perfect, you may need a
team -- which again means trusting someone.
Does encryption protocols use random numbers at all?
FromTheRafters
2016-12-12 15:17:55 UTC
Permalink
Post by Mr. Man-wai Chang
Post by FromTheRafters
If you are that kind of polymath, then maybe you can do this all by
yourself, but that is very unlikely. Can you trust yourself to do this
kind of evaluation, even if you are an expert in all of these
disciplines? You might miss something, nobody's perfect, you may need a
team -- which again means trusting someone.
Does encryption protocols use random numbers at all?
Yes. Cryptography often uses CSPRNGs whose 'seed' is from a true RNG.
Most other applications which need 'random numbers' do not need to be
that unpredictably random.
Mr. Man-wai Chang
2016-12-12 15:30:06 UTC
Permalink
Post by FromTheRafters
Post by Mr. Man-wai Chang
Does encryption protocols use random numbers at all?
Yes. Cryptography often uses CSPRNGs whose 'seed' is from a true RNG.
Most other applications which need 'random numbers' do not need to be
that unpredictably random.
Then it's a lie. Because the so-called digital random number is never
random.

Could we ditch *ALL* digital encryption software and hardware? :)
FromTheRafters
2016-12-12 15:57:42 UTC
Permalink
Post by FromTheRafters
Post by Mr. Man-wai Chang
Does encryption protocols use random numbers at all?
Yes. Cryptography often uses CSPRNGs whose 'seed' is from a true RNG.
Most other applications which need 'random numbers' do not need to be
that unpredictably random.
Then it's a lie. Because the so-called digital random number is never random.
You can make any claims you want about a term you just made up. A
number is a number no matter what base you decide on. By digital do you
mean base ten (based on number of fingers) or base two (binary)? A
rhetorical question, as it doesn't matter.
Could we ditch *ALL* digital encryption software and hardware? :)
Go ahead, it matters not to me. You might like to read this which
touches on your former question.

https://en.wikipedia.org/wiki/Random_number_generator_attack

If you are asking questions only so that you can argue against the
answers, I'm done here.
Mr. Man-wai Chang
2016-12-12 14:13:00 UTC
Permalink
Post by K Wills (Shill #3)
Make your own, if you don't trust what others have made
available.
Could you recommend an expert in 100% true random numbers, that even God
wanna play with that fair and square dice? :)
Post by K Wills (Shill #3)
With your paranoia, why do you even use computers?
Mr. Man-wai Chang
2016-12-11 16:05:18 UTC
Permalink
It's easy to devise images which don't compress well when
frequency-transformed. The classic case is printed text. JPEG encoding
it often destroys the quality.
Fonts could also cheat like Fourier Transform. So could be optical
character recognition. All digital methods have flaws?
But that's a known limitation of the method. Cars are good for
transporting people. If you want to transport large amounts of goods,
you can often do it in a car at a pinch - fold the seats down, add
a roofrack, make several runs. But it's far easier to get a van.
Similarly, we can compress text much better than with JPEG.
Most random-number generation methods in the market is always not a 100%
replica of real randomness, Your Honor? :)
Mr. Man-wai Chang
2016-12-11 16:46:45 UTC
Permalink
It is simple. If you cannot determine all those things - it is random.
Random is just a definition of some math evil priest.
Your Honor:

If the randomness was never truly random, why did they called it "random
number" then?

Did they all lie about their work, which was driving the *WHOLE* game
industry. which then drive hardware sales? :)
Thomas Heger
2016-12-12 00:44:14 UTC
Permalink
Post by Mr. Man-wai Chang
It is simple. If you cannot determine all those things - it is random.
Random is just a definition of some math evil priest.
If the randomness was never truly random, why did they called it "random
number" then?
Did they all lie about their work, which was driving the *WHOLE* game
industry. which then drive hardware sales? :)
Software cannot be really random, since a code is actually a set of
instructions and those are carried out in non-random ways.

Random numbers require a physical process, which is unpredictable in
nature.

For this purpose there are often noise creating diodes used. They are
used in the 'wrong' direction and this causes internal 'noise' inside
the semiconductor.

Now the noise could be filtered out and the result used to create random
numbers.

Software can only create pseudo-random numbers.


TH
bartekltg
2016-12-12 01:02:29 UTC
Permalink
Post by Mr. Man-wai Chang
How to determine whether a random number generator is fake?
Test it.
Then test it for stronger p-value...

https://www.phy.duke.edu/~rgb/General/dieharder.php
The documentation is inside the archive, you have to compile
it using TeX.

http://csrc.nist.gov/groups/ST/toolkit/rng/batteries_stats_test.html
Post by Mr. Man-wai Chang
How to determine whether a random number generator is cheating?
How RG can cheat? You mean generated numbers are biased?
Great, it is quite easy to test!
;-)

You mean that it is not real random number generator,
but PRNG?
Yes, probably is ;-)
The real RNG use 'entrophy form OS' (slow) or special CPU
instruction (many people thint they aren't the best).

If you use it for cryptography, you need use real one.
You also need do read... a lot.

For other purposes, use real RNG to seed your PRNG,
if you want to be fancy.
Post by Mr. Man-wai Chang
How do you catch bad programming, algorithm designers and
mathematicians? Use MP3 and JPEG encoding as examples, which involves
something called Fourier Transform! :)
https://www.ipa.go.jp/files/000011794.pdf
page 27

http://csrc.nist.gov/publications/nistpubs/800-22-rev1a/SP800-22rev1a.pdf
[the same document I tihnk]

https://www.random.org/analysis/Analysis2005.pdf

And probably this will be helpful
https://www.random.org/analysis/
https://www.random.org/randomness/

bartekltg
Mr. Man-wai Chang
2016-12-12 14:51:13 UTC
Permalink
Post by bartekltg
Post by Mr. Man-wai Chang
How to determine whether a random number generator is fake?
Test it.
Then test it for stronger p-value...
https://www.phy.duke.edu/~rgb/General/dieharder.php
The documentation is inside the archive, you have to compile
it using TeX.
http://csrc.nist.gov/groups/ST/toolkit/rng/batteries_stats_test.html
Post by Mr. Man-wai Chang
How to determine whether a random number generator is cheating?
How RG can cheat? You mean generated numbers are biased?
Great, it is quite easy to test!
;-)
You mean that it is not real random number generator,
but PRNG?
Yes, probably is ;-)
The real RNG use 'entrophy form OS' (slow) or special CPU
instruction (many people thint they aren't the best).
If you use it for cryptography, you need use real one.
You also need do read... a lot.
For other purposes, use real RNG to seed your PRNG,
if you want to be fancy.
Post by Mr. Man-wai Chang
How do you catch bad programming, algorithm designers and
mathematicians? Use MP3 and JPEG encoding as examples, which involves
something called Fourier Transform! :)
https://www.ipa.go.jp/files/000011794.pdf
page 27
http://csrc.nist.gov/publications/nistpubs/800-22-rev1a/SP800-22rev1a.pdf [the
same document I tihnk]
https://www.random.org/analysis/Analysis2005.pdf
And probably this will be helpful
https://www.random.org/analysis/
https://www.random.org/randomness/
Maybe we should forget about true randomness from digital, electronic
dice. Then stop calling them "random number", not even "digital random
number"!!!!! :)
bartekltg
2016-12-12 19:17:05 UTC
Permalink
Post by Mr. Man-wai Chang
Maybe we should forget about true randomness from digital, electronic
dice. Then stop calling them "random number", not even "digital random
number"!!!!! :)
There is a name for it. Pseudo-random numbers.

We still can talk about true random numbers. Random, that mean
there is no way to predict it. Hardware generators gives numbers
that is random, (unless you are a philosopher and believe in some
strange deterministic QM interpretation ;-)


If you do not believe in CPU's hardware generators, you can buy
a hardware generator that bases on quantum mechanics
(simpler, based on reflection of a photon, and more advance,
essential a laser but pumped by vacuum fluctuation).

https://arxiv.org/pdf/1411.4512v2.pdf
https://arxiv.org/pdf/1107.4438v1.pdf

You can download a short sample 1GB) of numbers generated that way.

http://qrng.anu.edu.au/

And we can't forgot about true randomness. OK, games
or even very serious monte carlo simulation works very well
without it, but cryptography _need_ an unpredictable random numbers.

bartekltg

Johan Nel
2016-12-12 06:53:24 UTC
Permalink
Hi,
Post by Mr. Man-wai Chang
How to determine whether a random number generator is fake?
How to determine whether a random number generator is cheating?
How do you catch bad programming, algorithm designers and
mathematicians? Use MP3 and JPEG encoding as examples, which involves
something called Fourier Transform! :)
A random number generator can never be "real", we can only try to
emulate it.

If we consider real randomness:

1. Using the same seed will never produce the same sequence of randomness.

2. Into infinity it will never replicate the same sequence.

Therefor, we try to emulate randomness with:

1. Seed calculated as Year * Seconds + Month * Minutes + Day * Hours

2. A numerical value calculated based on the seed which become the new seed.

The above even fail already on Point 1.

1. The same seed will always produce the same "random" sequence.

2. Therefor how fake is a random number generator? "Randomness" is
defined that for the set of random numbers required, the algorithm have
a non-replicating sequence capability far beyond the need of
randomness. Or in English, if we require X "random" numbers, will our
algorithm, given any seed at least have a X^factor likelihood of not
repeating a pattern inside the set.

3. It should always be taken into consideration that for all practical
reasons, the moment the random number is exactly the same as the
original seed, the whole set will start replicating itself. That is
therefor the "upper" limit of randomness. Flaws can also exist in the
algorithm in any other form that a certain random number generated will
start replicating "sub"-patterns in the set.

Hope I made myself clear.

Regards,
--
*Johan Nel*



---
This email has been checked for viruses by Avast antivirus software.
https://www.avast.com/antivirus
Mr. Man-wai Chang
2016-12-12 14:15:19 UTC
Permalink
Post by Johan Nel
A random number generator can never be "real", we can only try to
emulate it.
Come on... If it's not 100% random, do NOT label it "random"!!! Think
orange juice in a box! How about **extra virgin** olive oil?

Call it pseudo-random or neo-random? :)
Johan Nel
2016-12-12 14:46:53 UTC
Permalink
I seems you answer without reading the complete message.
Post by Mr. Man-wai Chang
Post by Johan Nel
A random number generator can never be "real", we can only try to
emulate it.
Come on... If it's not 100% random, do NOT label it "random"!!! Think
orange juice in a box! How about **extra virgin** olive oil?
Call it pseudo-random or neo-random? :)
---
This email has been checked for viruses by Avast antivirus software.
https://www.avast.com/antivirus
Mr. Man-wai Chang
2016-12-12 14:49:08 UTC
Permalink
Post by Johan Nel
I seems you answer without reading the complete message.
The problem is always the label/name/tag/sticker/stamp "random"!!! :)
Adam Jensen
2016-12-12 15:35:39 UTC
Permalink
Post by Mr. Man-wai Chang
Post by Johan Nel
I seems you answer without reading the complete message.
The problem is always the label/name/tag/sticker/stamp "random"!!! :)
Two additional problems:

1) The computer programming mindset exists within layers of simulacra.
It's common for programmers to talk about the representation of a thing
as if it were the thing. Example: A term or notion like "concurrent
threads" is often used where a more realistic description like
"interleaved threads" is just as convenient.

2) It is naive to expect truth in advertising and accuracy in
communication. There is significant variation in the capabilities of
people, their motivations, methods, and goals, their knowledge,
perspectives, attitudes, their opinions, preferences, style, and so on.

Beyond this, people have the capacity for demented information
processing. Many people may not have developed much skill in monitoring
(self-awareness) and controlling (self-regulation) that animalistic
baggage (bias) that distorts interpretation and disrupts collaboration.
Michael Moroney
2016-12-12 16:41:27 UTC
Permalink
Post by Mr. Man-wai Chang
Post by Johan Nel
A random number generator can never be "real", we can only try to
emulate it.
Come on... If it's not 100% random, do NOT label it "random"!!! Think
orange juice in a box! How about **extra virgin** olive oil?
Call it pseudo-random or neo-random? :)
In the documentation, pure software "random" number generators are almost
always described as pseudorandom, not actually random. For real randomness
where a pseudorandom sequence isn't good enough, some sort of hardware
generator is needed.
Poutnik
2016-12-12 16:45:32 UTC
Permalink
Post by Michael Moroney
Post by Mr. Man-wai Chang
Post by Johan Nel
A random number generator can never be "real", we can only try to
emulate it.
Come on... If it's not 100% random, do NOT label it "random"!!! Think
orange juice in a box! How about **extra virgin** olive oil?
Call it pseudo-random or neo-random? :)
In the documentation, pure software "random" number generators are almost
always described as pseudorandom, not actually random. For real randomness
where a pseudorandom sequence isn't good enough, some sort of hardware
generator is needed.
Such a "hardware generator" is involved in some password generators,
when an additional entropy is provided
by random user typing or mouse movement ( like e.g. in Keepass )
--
Poutnik ( The Pilgrim, Der Wanderer )

A wise man guards words he says,
as they say about him more,
than he says about the subject.
root
2016-12-12 16:51:02 UTC
Permalink
Post by Michael Moroney
Post by Mr. Man-wai Chang
Post by Johan Nel
A random number generator can never be "real", we can only try to
emulate it.
Come on... If it's not 100% random, do NOT label it "random"!!! Think
orange juice in a box! How about **extra virgin** olive oil?
Call it pseudo-random or neo-random? :)
In the documentation, pure software "random" number generators are almost
always described as pseudorandom, not actually random. For real randomness
where a pseudorandom sequence isn't good enough, some sort of hardware
generator is needed.
There can be no "true" random number generator even admitting hardware
assist. Any amount of serial correlation will result in non-randomness.
A source without serial correlation would require infinite bandwidth.

The whole question is irrelevant. For any pseudo-random source,
the question is how long would you have to observe the source
to have some given degree of certainty that the source was
not random or, rather, how non-random the source was.
Poutnik
2016-12-12 17:10:12 UTC
Permalink
Post by root
Post by Michael Moroney
In the documentation, pure software "random" number generators are almost
always described as pseudorandom, not actually random. For real randomness
where a pseudorandom sequence isn't good enough, some sort of hardware
generator is needed.
There can be no "true" random number generator even admitting hardware
assist. Any amount of serial correlation will result in non-randomness.
A source without serial correlation would require infinite bandwidth.
The whole question is irrelevant. For any pseudo-random source,
the question is how long would you have to observe the source
to have some given degree of certainty that the source was
not random or, rather, how non-random the source was.
Taken exactly, you are right. But practically, you are not.
The level or correlation and predictability
can be hold at negligible level.

E.g. the for the Keepass random PW generator
one has to do a boring lot of mouse movement.
--
Poutnik ( The Pilgrim, Der Wanderer )

A wise man guards words he says,
as they say about him more,
than he says about the subject.
Mr. Man-wai Chang
2016-12-12 18:28:50 UTC
Permalink
Post by Poutnik
Taken exactly, you are right. But practically, you are not.
The level or correlation and predictability
can be hold at negligible level.
E.g. the for the Keepass random PW generator
one has to do a boring lot of mouse movement.
Do you play with Taro cards? :)
Mr. Man-wai Chang
2016-12-12 18:28:11 UTC
Permalink
Post by root
There can be no "true" random number generator even admitting hardware
assist. Any amount of serial correlation will result in non-randomness.
A source without serial correlation would require infinite bandwidth.
The whole question is irrelevant. For any pseudo-random source,
the question is how long would you have to observe the source
to have some given degree of certainty that the source was
not random or, rather, how non-random the source was.
As long as you do NOT gamble, encrypt nor predict the future .... :)
Loading...