World: r3wp
[Core] Discuss core issues
older newer | first last |
Dockimbel 8-May-2008 [10490x2] | pseudo random number generator |
I guess that a good start woul be : http://en.wikipedia.org/wiki/Pseudorandom_number_generator | |
Geomol 8-May-2008 [10492x2] | It puzzles me, how you can get more than 2 ** 32 possible outcome from 2 ** 32 different input, so I'll start reading... :-) |
My test show, that random/secure give the exact same sequence of numbers every time, if started with the same seed. Check it with code like: >> random/seed 1 loop 1000000 [random/secure 10000000] random/secure 10000000 == 1253129 >> x: 1 loop 10 [random/seed 1 loop 1000000 [random/secure 10000000] if 1253129 <> random/secure 10000000 [print x] x: x + 1] So I conclude, that I can only make 2 ** 32 different passwords with this, not 60 ** 8. | |
PeterWood 8-May-2008 [10494] | Do you need the passwords to be unique? |
Dockimbel 8-May-2008 [10495] | that random/secure give the exact same sequence of numbers every time, if started with the same seed That's an intended feature ! You should set the seed only *once* with a random (or pseudo-random) value like now/time. |
Geomol 8-May-2008 [10496] | Peter, I'm just investigating, what's the best way to produce random passwords. In some applications, they might need to be unique, not in others. If they need to be unique, the easiest would be to check with passwords produced in the past, I guess. |
PeterWood 8-May-2008 [10497] | A psuedo-random generator should always give the same sequence if you start with the same seed. That's what Reichart was saing. Try the site that Sunanda suggested for an explanation; random.org |
Geomol 8-May-2008 [10498x2] | Doc, then I can't see, how I can get close to 60 ** 8 different passwords, as you claimed. |
Peter, yes random.org is a solution, and a good one. But it doesn't hold in a real application, because what if there's no web connection. I have a routine, that is good enough for my problem. What I'm after, is the best way to do this. I and others might learn from this. | |
Dockimbel 8-May-2008 [10500] | The more I think about it, the more I come to the conclusion that you're right. REBOL's random function might have a period of 2**32 (with a 32bits seed) maybe even less (I can't find the exact period of C rand( )). |
Geomol 8-May-2008 [10501] | !!! :-) |
Dockimbel 8-May-2008 [10502] | You should maybe search for a free implementation of Mersenne twister generator, it can give you up to 2**19937 unique combinations which is far enough for covering the 60**8 range. http://en.wikipedia.org/wiki/Mersenne_twister |
Geomol 8-May-2008 [10503] | So a way to get good random numbers over a long period of time, is to start such a routine (like the Mersenne twister) only once. The routine should then work with a high number of bits, the more the better and store the state, it has come to, to disk. Every time the computer is turned on, it can pick the state from disk, and start from where it left off. A password generator should use this routine and call it between each character in the password. If the routine has high enough resolution, it should be possible to produce 60 ** 8 different passwords. |
Dockimbel 8-May-2008 [10504] | Exactly. |
Geomol 8-May-2008 [10505x2] | Cool, thanks! :-) |
And if a hacker get acces to the state stored on disk, we're screwed again. ;-) | |
Dockimbel 8-May-2008 [10507] | The algorithm used in the C library provided with gcc has a period of 2.88 * 10E9 http://hepwww.ph.qmul.ac.uk/sim/random.html |
Gregg 8-May-2008 [10508] | This is the randomize func I use, FWIW: Alan Parman did quite a bit of R&D and posted this as his best solution. randomize: func [ "Reseed the random number generator." /with seed "date, time, and integer values are used directly; others are converted." ][ random/seed either find [date! time! integer!] type?/word seed [seed] [ to-integer checksum/secure form any [seed now/precise] ] ] |
Reichart 8-May-2008 [10509] | And if a hacker get acces to the state stored on disk, we're screwed again. ;-) And that is why we set the random seed randomly... |
btiffin 8-May-2008 [10510] | John; If you ever get a chance, check out R. http://www.r-project.org It's a statistical analysis language (in the main) and goes to great length to ensure a reproducible random sequence on each run. This allows for verification, stable screen shots of sample graphs etc. I like the fact that REBOL has the same feature of "known" random numbers across runs, until a forced seeding. In Quebec, someone figured out the sequence of the provinicial Keno game. He won three times before someone got suspicious. The lotto corp wanted to deny him his prize money. A judge ruled that if they did, they would have to deny and claw back all winnings from everyone. So they paid. And fumed and puffed out their chest, and then went back to school to learn better programming. :) Last I heard, the guy hasn't cracked the new sequence ... yet. |
Geomol 8-May-2008 [10511] | I installed R on my Mac more than a year ago, but haven't found the time to use it yet (or did't find the need). I've heard, it should be good at doing graphs. |
btiffin 8-May-2008 [10512] | Yep. Bean counter code by bean counter people. :) But the random packages, there are at least five, go into great detail and the issues. Then again, this is REBOL/Core. Beats the pants off R, we just lack the bean counters. :) |
Reichart 8-May-2008 [10513] | Keno, yup....keno programmers are like script kiddies... |
Gabriele 9-May-2008 [10514] | lol, so if you pick each character separately you don't make 60 ** 8 different password? Geomol, you're being really funny. I guess this is what happens when religion takes the place of logic. |
Geomol 9-May-2008 [10515x4] | :-) No, it's what happens, when insight takes the place of ignorance. |
(For the record, I'm not religious.) | |
so if you pick each character separately you don't make 60 ** 8 different password? If I, as a human, pick each char separately, I can make 60 ** 8 different passwords. If I make a digital computer do it based on 2 ** 32 integer pseudo-randomness, I can't! If you disagree, then show me. Doc seems to get it now, so I'm not completely alone with my insight. | |
I'm not fair using the word "ignorance". I don't think, you are. I base my conclusion on the following: See the password generator as a black box, that you feed with an integer, and out come a password. The integer input has 2 ** 32 different combinations and is used for the random/seed. Out come a password, and there can only be 2 ** 32 different passwords coming out at most. It doesn't matter, how the algorithm is constructed, if you put time delay in, call random or random/seed more than once, etc, as long as you don't get other input as the first integer. This is basic in information theory. And it's related to the determinism in digital computing. | |
Dockimbel 9-May-2008 [10519] | Given a good algorithm (like Mersenne twister), and a true random generator for seeding (like hardware sensors) a computer could cover the 60**8 range. A humain brain, even given enough time, can't (I'm talking about generating random combinations, not using loops to generate every single combination). Even worse, humain results would show heterogeneous distribution of results, while computer will give a uniform distribution. So in that case, computers would give you better randomness than analog brains. |
Geomol 9-May-2008 [10520] | Yes, valid points, but it's not what I described at first. If I should construct a random password given the rules, my output will land in a pool of 60 ** 8 possible passwords. I don't have to actual do it. The statement holds anyway. If a computer should construct a random password given the rules (using any deterministic computer and any algorithm, but only with a 32-bit integer input, as in the case of REBOL random/seed), the output will land i a pool of 2 ** 32 possible passwords at most. Of course we can change the frame and get a better result from the computer, but then we change the 'experiment'. In general, I would say the pool from human thoughts and decisions is infinite. It's not from a deterministic computer. So we need true random input and true analog computing with infinite states, if we want our computers to be as good as our brains. |
Dockimbel 9-May-2008 [10521x2] | Why restricting the computer to 32bits input only, when you can feed it with gigabits of inputs ? That's not a fair comparaison. |
In general, I would say the pool from human thoughts and decisions is infinite . That needs to be proved. It can be very high without being infinite. | |
Geomol 9-May-2008 [10523] | In my password generator, how would you feed it with more input? |
Dockimbel 9-May-2008 [10524] | By using a better than REBOL default RANDOM function and using a source of true randomness for seeding. |
Geomol 9-May-2008 [10525] | That needs to be proved. It can be very high without being infinite. I think, it's proven by quantum mechanics in the number of possible outcome from a wave equation. |
Dockimbel 9-May-2008 [10526] | Well...the magical "quantum" is back again. :-) Sorry, but you still didn't prove anything...Do we need to get back to how a neuron fires ? Show me any experiment that has been done proving that neuron's firing is not deterministic (meaning it can be predicted knowing the inputs). |
Geomol 9-May-2008 [10527] | How do I use a better random function, now that it's a routine programmed in REBOL? I could get the source of a better routine and implement it myself. That will give me a better result, yes. I'm not going to do that, as my current routine is good enough for the purpose. How do I access a source of true randomness from within REBOL? random.org has been suggested. Other ways? |
Dockimbel 9-May-2008 [10528x3] | Maybe this thread should be move in another channel |
can = can't | |
reading mouse moves is usually a good source for seeding | |
Geomol 9-May-2008 [10531] | Moving to chat |
Gregg 9-May-2008 [10532] | A long time ago, I remember reading something where the author suggested, as a shared seed, using a substring of PI. |
Gabriele 10-May-2008 [10533x5] | a human picking chars "randomly" will most likely not be random. sadly, i guess we're not going to be able to do a test with a few million people to get a decent sample. |
about 2 ** 32, that's a limitation of *your* algorithm, not RANDOM. indeed, if you don't reset the seed each time, and use random/secure, you probably get all of the possible passwords (and very likely more than humans would pick). besides, it is not proven that random/seed only takes 32 bits of data when seeded with a date!. (C rand() is most likely 32 bit, but random/secure could be using more than that.) | |
if you feed a human a 32 bit int and ask him/her to get you back a password, and it has to give you the same password for the same int, then how many password would the user give you? | |
besides... neurons are know to only be able to fire or not to fire. they are digital, not analog. if the input is above the threashold, the neuron fires. otherwise it does not fire. | |
wave equations have nothing to do with the human brain as far as we know it. if you know more, you should publish an article somewhere, as that would be a breakthrough. | |
btiffin 10-May-2008 [10538] | A psych prof I knew, wrote papers on the quantum clock in our brains. Google "kristofferson professor rate of tone and brain clock" for some references to his research. Sorry for clogging Core. But yeah, his experiments concluded that we definetly think in "waves"; some events go undetected if they occur between 'brain ticks'. He couldn't explain the 'how or why', but he could measure the effect. |
eFishAnt 18-May-2008 [10539] | As better at REBOL I am getting, I am trying to find the trick to rename the title of the Console window itself. I am glad I can probe system, but I just haven't probed it in the right orafice... |
older newer | first last |