In
How many non sequiturs can we manage?
Any claim to the production of random numbers that neglects to mention
Fortuna is, excluding everything they have to say on the matter.
Unless you literally reproduce their work (which only I came even
close to) in the text posted. Fortuna is the last word on the
production of high quality random numbers, and their insights drive
home the point that its possible, practical, cheap and, of course,
reduces to an observer problem, which, of course, they obsess over
since their focus is on security.
Algorithms have several characteristics:
1) finiteness;
2) definiteness;
3) input;
4) output;
5) effectiveness.
If you regard Fortuna as being a single transition from one number to
another, it hardly qualifies as a sequence generator.
Da fu? I didn't characterize Fortuna at all. I am recommending that
the OP go read up on it if he wants an example of what it takes to
make an extremely highly quality source of random numbers. Fortuna
represents the limits of how far you can go to produce randomness if
you really need to. What I was describing is the middle ground that
requires assumptions (like that someone isn't intercepting the
keystrokes or simulating the RDTSC instruction, etc, etc) that are
usually easily satisfiable.
Are you literally saying that Fortuna is not an algorithm?
[...] If you regard
it as a generator of a stream of numbers, it is not finite.
What? Its an entropy management system (encoded as, yes, an
algorithm) which feeds a PRNG.
Therefore, it is not an algorithm.
Oh what a strange world it must be inside of your head.
They have a sequence of entropic pools, they draw from them in a
specific sequence dictated by ... wait for it ... an *ALGORITHM*.
[...] Furthermore, it fails to meet the
fifth criterion, that of effectiveness (in Knuth's sense - i.e. that
it is sufficiently basic that the results can in principle be done
exactly by a human being with paper and pencil such that they get
exactly the same result as the computer, which can't be the case for
any process that involves gathering arbitrary data at runtime).
Oh, all heil the furher Knuth! If I draw a grid of lines toss the
pencil upon it, and count the number of lines it crosses, then I will
have a source of entropy. How's that for being pedantic to a flaw?
The Fortuna pool chooser is an algorithm. You have to be demented to
think otherwise.
And I am not getting paid to write code here, so if your complaint is
that I didn't give comprehensive pseudo code for how to do it, go fly
a kite because neither did you.
Less pickily: what I actually said was: "No algorithm can produce a
truly random number sequence. You need a genuine source of entropy,
such as a plasma lamp, a video camera pointing at (say) busy traffic,
a radioactive source, or perhaps weather data. Better still, two or
more such sources, mixed together."
You forgot to mention that you needed a CPU. (Oh and BTW, weather is
not unpredictable.)
By saying what you wrote above, you are saying you need something
special that you don't already have right in front of you. If you
have a Pentium (or some high resolution timer), a keyboard and a mouse
(the mouse is optional, but a heck of a lot better than the keyboard),
then you already have all you need to produce random numbers. You
just need to apply an algorithm to that. Plasma lamps and other
sources for exotic entropy are totally unnecessary. Heck you don't
even need to proceed any further than turning on your system's
microphone if your system has one and you are really going for broke.
By suggesting Fortuna (which gathers genuine entropy as it goes), you
are agreeing with me.
No, because I don't make reference to exotic devices (neither does
Fortuna) for their entropy, while you do.
If you have to be wrong, be polite. If you can't be polite, be right.
(Better still, be both, but we're all human.) Your predilection for
being impolite /and/ wrong is not good for you.
It must be interesting to live in such a totally unaccountable
universe. Remember you came after me this time. And you must know by
now your obstinacy is extremely unimpressive to me.
Are you claiming that numbers /are/ random? [snip]
No! I am not making the kind of error you imagine that I am. Just
fricking *READ*. I am talking about a problem in generation, not
about an imagined quality of numbers. You're just illiterate of
something.
There's something that's making you imagine that I don't have a
superior understanding of this problem than you do. But clearly its
not in my content so you have invent some ghost and pretend that I am
making some error I am not.
How you define it is up to you, and irrelevant to this discussion. The
acid test of practical randomness is not determinism, but
predictability.
And these are different in this context how?
And even as such, you continue to miss the point. Its about *WHO* can
predict or determine. If I have a number from 1 to 10 in my head,
then to *YOU* its random, to *ME* it is not. Randomness is about
point of view, not some neurotic distinction between two words that
mean almost the same thing.
Look up "irony" when you get a minute.
I'm not the one who needs to look up the definition of words.
Numbers are not of themselves either random or non-random. It is
processes for generating numbers that are either random or
non-random. Furthermore, you appear to have misread my article
completely. I didn't say you can't have a true RNG. I said you can't
have a true RNG *algorithm*.
That doesn't even make sense. A generator *IS* an algorithm.
Perhaps what you meant is that something that lives only on the CPU
with entirely predetermined initial state can't produce randomness.
But the truth is, using clock() and fgets() by itself is *almost* good
enough (the problem is that the OS may only accept I/O on timer
interrupts, which alias calls to clock() in ways that undermine its
potential usage for entropy). But you're not making an argument
anything like that.
An algorithm needs only be a way of doing something on a computing
device. So if you take timer offsets between mouse movements or
keyboard clicks, then one is augmenting the device to include a mouse,
timer and CPU, but what you do with it after that point is still an
algorithm.
[...] I pointed out, rather clearly I thought,
that you need a genuine source of entropy if you're going to have a
truly random process. And in blunders Mr Hsieh, saying "Ha! You're
wrong to claim X! The truth is actually X!"
I don't in any way claim that you need lava lamps or other strange
things to produce random numbers (I claimed opposite). Nor do I claim
that RNG or Fortuna is not an algorithm. I hardly see how this
distinction fits in your delusion about how I was responding to you.
If you imagine that there is actually agreement between what we are
saying, and that my distinction is artificial, you would have had to
have mentioned the observer phenomena (which is critical), and/or
Fortuna (which is well known and state of the art, so of course it had
to mentioned). You would also have to accept the definition I gave.
Did you do that? How could we be in implicit agreement if that
weren't the case?
Oh right. You think I am making a claim that number themselves have a
randomness property from what I wrote, and yet *I* am the one who
needs to learn to read. You expose yourself for the fraud that you
are.
[Poker sites are viable.] How could that be possible if you can't
generate random numbers?
I can generate random numbers just fine, thanks - by using a genuine
source of entropy.
Yeah apparently *YOU* need a lava lamp or the weather channel to do
it.
If you actually understood Fortuna, you would also understand why all
of the examples you cites are not such good sources: they are too
slow. Keyboard, mouse and a Pentium (or really any processor with a
hi res timer) and you are done.