Stories with Tag rng

• RNG and Cosine in Nix

  permalink

  Posted: 2025-04-13 00:30:22

  Verbose tl;dr

  This post explores the challenges of generating deterministic random numbers and using cosine within Nix expressions. It highlights that Nix's purity, while beneficial for reproducibility, makes tasks like generating unique identifiers difficult without resorting to external dependencies or impure functions. The author demonstrates various approaches, including using the derivation name as a seed for a pseudo-random number generator (PRNG) and leveraging builtins.currentTime as a less deterministic but readily available alternative. The post also delves into the lack of a built-in cosine function in Nix and presents workarounds, like writing a custom implementation or relying on a pre-built library, showcasing the trade-offs between self-sufficiency and convenience.

  This blog post explores the intricacies of generating random numbers and calculating the cosine of an angle within the Nix functional package manager, a tool used for building and deploying software. The author begins by highlighting the deterministic nature of Nix, emphasizing that even seemingly random operations must be reproducible given the same inputs. This presents a challenge for incorporating randomness, which by definition is non-deterministic. The post then details how Nix addresses this by using a derivations feature for introducing controlled randomness. Derivations are pure functions that produce build instructions, and they can include a special randomSeed attribute. This seed acts as the starting point for a pseudorandom number generator (PRNG), ensuring consistent results for a given derivation. The author demonstrates this with a practical example, showcasing how to generate a random floating-point number between 0 and 1 within a derivation. This is achieved using the lib.randomFloat function from Nixpkgs, which internally utilizes the Xoshiro256** PRNG. The author further elaborates on how one might seed the derivation with a specific value to reproduce the same "random" result across different builds or machines, illustrating the predictable nature of pseudorandomness.

  Moving beyond simple random number generation, the post then tackles the seemingly unrelated topic of calculating the cosine of an angle. The author explains that Nix, prioritizing purity and reproducibility, does not directly offer a cos function in its standard library. Instead, the approach involves leveraging the stdenv.mkDerivation function to build a small C++ program that calculates the cosine. This C++ program utilizes the standard cmath library for the cosine calculation and outputs the result. The Nix derivation packages this process, ensuring that the compilation and execution steps are captured and reproducible. The post provides a detailed example of how to construct this derivation, including the necessary C++ code and Nix expressions. This illustrates how Nix can incorporate external tools and libraries for computations that aren't directly available within its core functionality, while still maintaining its core principles of determinism and reproducibility. The author emphasizes the advantages of this approach: by encapsulating the cosine calculation within a derivation, Nix ensures that the result is always consistent for a given input angle, regardless of the build environment. The post concludes by showcasing how to combine these two concepts – random number generation and cosine calculation – to generate a random point on the unit circle, demonstrating the power and flexibility of Nix derivations for managing complex computations within a reproducible framework.

  • Nix
  • NixOS
  • Functional Programming
  • random number generation
  • rng
  • cosine
  • mathematics
  • programming
  • Operating Systems
  • Configuration Management
  • Declarative Configuration
  • Reproducibility
  • determinism

  Summary of Comments ( 0 )
  https://news.ycombinator.com/item?id=43669057

  Verbose tl;dr

  Hacker News users discussed the blog post about reproducible random number generation in Nix. Several commenters appreciated the clear explanation of the problem and the proposed solution using a cosine function to distribute builds across build machines. Some questioned the practicality and efficiency of the cosine approach, suggesting alternatives like hashing or simpler modulo operations, especially given potential performance implications and the inherent limitations of pseudo-random number generators. Others pointed out the complexities of truly distributed builds in Nix and the need to consider factors like caching and rebuild triggers. A few commenters expressed interest in exploring the cosine method further, acknowledging its novelty and potential benefits in certain scenarios. The discussion also touched upon the broader challenges of achieving determinism in build systems and the trade-offs involved.

  The Hacker News post titled "RNG and Cosine in Nix" sparked a discussion with several interesting comments.

  One commenter questioned the practicality of the approach, pointing out that using a hash function directly would likely be simpler and more efficient than the proposed cosine-based method. They also expressed concern about potential bias introduced by using cosine and suggested that a more rigorous statistical analysis would be necessary to validate the randomness quality.

  Another commenter echoed this sentiment, emphasizing the importance of proper statistical testing for random number generation. They recommended using established test suites like TestU01 to thoroughly evaluate the randomness properties of the generated sequence.

  One user focused on the security implications, warning that the proposed method might not be suitable for cryptographic purposes due to potential predictability. They advised against using custom RNG solutions in security-sensitive contexts and recommended relying on well-vetted cryptographic libraries instead.

  A further commenter offered a different perspective, suggesting that the approach might be useful for generating deterministic random values based on a seed. They envisioned applications in procedural generation, where consistent results are desirable.

  Another individual highlighted the importance of understanding the underlying distribution of the generated random numbers. They noted that different applications may require different distributions (uniform, normal, etc.) and that simply generating seemingly random numbers without considering the distribution could lead to incorrect results.

  Several commenters discussed the mathematical properties of the cosine function and its suitability for RNG. Some expressed skepticism, while others defended its potential, albeit with the caveat that careful analysis and testing are crucial.

  Finally, some comments touched on the specific use case within Nix, the package manager mentioned in the title. They speculated about the potential benefits and drawbacks of using this method for generating unique identifiers or other random values within the Nix ecosystem. However, no definitive conclusions were drawn regarding its practical application in Nix.

• Entropy Attacks

  permalink

  Posted: 2025-03-25 12:20:38

  Verbose tl;dr

  The blog post "Entropy Attacks" argues against blindly trusting entropy sources, particularly in cryptographic contexts. It emphasizes that measuring entropy based solely on observed outputs, like those from /dev/random, is insufficient for security. An attacker might manipulate or partially control the supposedly random source, leading to predictable outputs despite seemingly high entropy. The post uses the example of an attacker influencing the timing of network packets to illustrate how seemingly unpredictable data can still be exploited. It concludes by advocating for robust key-derivation functions and avoiding reliance on potentially compromised entropy sources, suggesting deterministic random bit generators (DRBGs) seeded with a high-quality initial seed as a preferable alternative.

  Daniel J. Bernstein, in his blog post "Entropy Attacks," meticulously dissects the concept of entropy estimation within the realm of cryptography, specifically focusing on its application in generating supposedly random numbers for cryptographic keys. He argues that conventional entropy estimation techniques are fundamentally flawed and can lead to significant security vulnerabilities, leaving systems susceptible to attack. Instead of relying on abstract statistical measures of entropy, Bernstein advocates for a more concrete and pragmatic approach: demonstrably obtaining unpredictable bits.

  Bernstein begins by elucidating the conventional wisdom regarding entropy estimation. This approach typically involves analyzing the potential sources of randomness within a system, such as mouse movements, keyboard timings, or network activity. Each source is assigned an estimated entropy value, reflecting the perceived unpredictability of its output. These individual entropy estimations are then combined to determine the overall entropy of the generated random numbers.

  However, Bernstein argues that these estimations are inherently imprecise and often overly optimistic. He points out that attackers may possess more knowledge about the system than assumed, enabling them to predict the supposedly random bits with higher accuracy than the entropy estimations would suggest. He illustrates this with several examples where seemingly random sources can be influenced or predicted by an astute attacker. For instance, an attacker might analyze network traffic patterns or exploit vulnerabilities in peripheral drivers to gather information about the "random" data being collected.

  Furthermore, Bernstein criticizes the common practice of combining entropy estimates from different sources. He contends that simply adding the individual entropy values doesn't accurately represent the overall entropy, as the sources may be correlated or influenced by common factors. This can lead to a significant overestimation of the true randomness of the generated numbers.

  Instead of relying on these potentially flawed entropy estimations, Bernstein proposes an alternative approach focused on acquiring demonstrably unpredictable bits. He suggests using sources of randomness that are inherently difficult to predict, even by a well-informed attacker. One such example is utilizing high-quality random number generators based on physical phenomena, like radioactive decay or thermal noise, which are inherently unpredictable. Another approach is to leverage publicly verifiable randomness beacons, which provide publicly accessible random bits generated through robust and transparent processes.

  He further emphasizes the importance of rigorous testing and verification of the randomness generation process. Instead of relying on theoretical entropy estimations, Bernstein advocates for empirical testing using statistical randomness tests to ensure the generated numbers exhibit the expected properties of true randomness.

  In conclusion, Bernstein's "Entropy Attacks" serves as a cautionary tale against overreliance on conventional entropy estimations in cryptography. He argues that these estimations are often inaccurate and can lead to a false sense of security. He advocates for a shift towards demonstrably acquiring unpredictable bits and rigorously testing the randomness of generated numbers, ensuring the security of cryptographic systems against potential attacks.

  • entropy
  • Cryptography
  • Security
  • random number generation
  • rng
  • CSPRNG
  • prng
  • Debian
  • Linux
  • Operating Systems
  • software vulnerabilities
  • attacks
  • information theory

  Summary of Comments ( 13 )
  https://news.ycombinator.com/item?id=43470339

  Verbose tl;dr

  The Hacker News comments discuss the practicality and effectiveness of entropy-reduction attacks, particularly in the context of Bernstein's blog post. Some users debate the real-world impact, pointing out that while theoretically interesting, such attacks often rely on unrealistic assumptions like attackers having precise timing information or access to specific hardware. Others highlight the importance of considering these attacks when designing security systems, emphasizing defense-in-depth strategies. Several comments delve into the technical details of entropy estimation and the challenges of accurately measuring it. A few users also mention specific examples of vulnerabilities related to insufficient entropy, like Debian's OpenSSL bug. The overall sentiment suggests that while these attacks aren't always easily exploitable, understanding and mitigating them is crucial for robust security.

  The Hacker News post titled "Entropy Attacks" links to a blog post by Daniel J. Bernstein on entropy estimation. The discussion in the comments section revolves around the complexities and nuances of entropy estimation, particularly in the context of cryptographic systems. Several commenters engage with the technical details presented in Bernstein's post.

  One commenter highlights the difficulty of estimating entropy accurately, especially when dealing with real-world sources that might not exhibit ideal randomness. They mention the "haveged" program as an example of a tool attempting to generate entropy from hardware events, but acknowledge the challenges in ensuring its true randomness.

  Another commenter delves into the distinction between Shannon entropy and min-entropy, emphasizing that cryptographic operations rely on min-entropy for security. They point out that measuring min-entropy is inherently more difficult than measuring Shannon entropy.

  The idea of "compressing" randomness into a smaller, higher-entropy form is also discussed. Commenters explain that while it's possible to extract a shorter, more uniformly random string from a longer, less random one, this process doesn't magically create entropy. The output's entropy is fundamentally limited by the input's entropy.

  One comment specifically references the use of cryptographic hash functions as randomness extractors. They explain how these functions can transform a source with uneven entropy distribution into a more uniformly random output, suitable for cryptographic keys.

  A few commenters touch upon the practical implications of entropy estimation in system security. They acknowledge the difficulty of achieving truly random numbers in software and mention hardware random number generators (RNGs) as a more reliable source. They also discuss how insufficient entropy can lead to vulnerabilities in security systems.

  Finally, some comments offer further reading on related topics, such as the NIST publication on entropy sources and various academic papers on randomness extraction. Overall, the comments section provides valuable insights and perspectives on the challenges of entropy estimation and its crucial role in cryptography.

• Fat Rand: How Many Lines Do You Need to Generate a Random Number?

  permalink

  Posted: 2025-02-05 23:10:47

  Verbose tl;dr

  The blog post "Fat Rand: How Many Lines Do You Need to Generate a Random Number?" explores the surprising complexity hidden within seemingly simple random number generation. It dissects the code behind Python's random.randint() function, revealing a multi-layered process involving system-level entropy sources, hashing, and bit manipulation to ultimately produce a seemingly simple random integer. The post highlights the extensive effort required to achieve statistically sound randomness, demonstrating that generating even a single random number relies on a significant amount of code and underlying system functionality. This complexity is necessary to ensure unpredictability and avoid biases, which are crucial for security, simulations, and various other applications.

  The blog post "Fat Rand: How Many Lines Do You Need to Generate a Random Number?" by Armin Ronacher explores the surprising complexity hidden beneath seemingly simple random number generation in programming. The author begins by highlighting the deceptive ease with which we access randomness in high-level languages like Python, where a single function call, random(), produces a seemingly random floating-point number between 0 and 1. This simplicity, however, masks a substantial amount of underlying machinery.

  Ronacher then delves into the intricate details of how Python's random module generates these numbers. He explains that Python utilizes the Mersenne Twister, a widely-used pseudo-random number generator (PRNG) known for its good statistical properties and performance. He emphasizes that true randomness is difficult to achieve in deterministic computer systems, and PRNGs, like the Mersenne Twister, generate sequences of numbers that appear random but are ultimately determined by an initial "seed" value.

  The post further dissects the implementation of the Mersenne Twister, illustrating its core algorithm involving bitwise operations, array manipulations, and tempering functions to enhance the randomness of the generated output. This detailed walkthrough emphasizes the non-trivial nature of generating high-quality pseudo-random numbers, even within a seemingly simple function call. The author even presents the C code behind the Mersenne Twister implementation within Python, further highlighting the complexity hidden beneath the surface.

  Furthermore, the post touches upon the challenges of seeding the PRNG. While a common approach is to use the current system time, this can lead to predictable sequences if the seed is not sufficiently random. Python addresses this by incorporating system-specific sources of randomness, such as /dev/random on Unix-like systems, to ensure a more unpredictable initial seed. This underscores the importance of proper seeding for robust pseudo-random number generation.

  Finally, Ronacher concludes by emphasizing that the apparent simplicity of generating a random number in Python belies a complex underlying process involving sophisticated algorithms, careful implementation, and attention to system-specific details for seeding. This detailed exploration reveals the significant effort invested in ensuring the quality and reliability of even the most basic random number generation functions, a fact often overlooked by users at the high-level interface. The post serves as a reminder that seemingly simple operations often rest upon a foundation of intricate implementation details.

  • random number generation
  • rng
  • randomness
  • entropy
  • pseudo-random number generators
  • prng
  • software engineering
  • programming
  • algorithms
  • bit manipulation
  • Computer Science
  • performance
  • optimization
  • lines of code
  • code size
  • Efficiency

  Summary of Comments ( 34 )
  https://news.ycombinator.com/item?id=42956697

  Verbose tl;dr

  Hacker News users discussed the surprising complexity of generating truly random numbers, agreeing with the article's premise. Some commenters highlighted the difficulty in seeding pseudo-random number generators (PRNGs) effectively, with suggestions like using /dev/random, hardware sources, or even mixing multiple sources. Others pointed out that the article focuses on uniformly distributed random numbers, and that generating other distributions introduces additional complexity. A few users mentioned specific use cases where simple PRNGs are sufficient, like games or simulations, while others emphasized the critical importance of robust randomness in cryptography and security. The discussion also touched upon the trade-offs between performance and security when choosing a random number generation method, and the value of having different "grades" of randomness for various applications.

  The Hacker News post "Fat Rand: How Many Lines Do You Need to Generate a Random Number?" sparked a discussion with several interesting comments. Many commenters focused on the practicality and implications of the article's exploration of random number generation complexity.

  One commenter highlighted the contrast between the theoretical pursuit of perfect randomness and the practical needs of most applications. They argued that for many use cases, a simple pseudo-random number generator (PRNG) is sufficient, and the added complexity of a "true" random number generator (TRNG) isn't worth the effort. This commenter also pointed out the potential performance overhead of TRNGs, making them less suitable for situations where speed is critical.

  Another commenter discussed the importance of considering the specific requirements of an application when choosing a random number generator. They emphasized that security-sensitive applications, like cryptography, demand a higher level of randomness and unpredictability than, say, a simple game. Therefore, the choice between a PRNG and a TRNG, and the specific implementation, should depend on the context.

  The trade-off between randomness quality and performance was a recurring theme. One commenter mentioned the existence of hybrid approaches that combine PRNGs with a periodic injection of entropy from a TRNG. This strategy aims to balance the efficiency of PRNGs with the improved randomness of TRNGs.

  Several comments also touched on the difficulty of generating truly random numbers. One commenter pointed out the philosophical implications of defining "true" randomness, questioning whether it's even possible to achieve given our deterministic universe. Another commenter mentioned the challenges of building hardware-based TRNGs, which often rely on unpredictable physical phenomena like thermal noise or radioactive decay. Even these methods, they noted, can be susceptible to biases and environmental influences.

  Finally, some commenters shared practical advice and resources related to random number generation. They linked to libraries and tools that offer different levels of randomness and performance characteristics, allowing developers to choose the best option for their specific needs. One commenter even suggested consulting relevant standards and guidelines for best practices in random number generation, particularly for security-critical applications.