Nxt Forum

Please login or register.

Login with username, password and session length
Advanced search  

News:

Latest Nxt Client 1.11.5 - NEW RELEASE: Ardor 2.0.3e TestNet IS LAUNCHED!

Pages: [1]

Author Topic: Feedback, ideas and bug report | Ask here if you need test nxt  (Read 700 times)

crimi

  • Board Moderator
  • Hero Member
  • ****
  • Offline Offline
  • Posts: 883
    • View Profile
  • Karma: +122/-11

You can report in this thread or issue on bitbucket.

If you need test nxt post your address and public key.

I probably start to write a documentation about the most common questions that will be asked here.

Cheers crimi
PeerExplorer.com | NodeExplorer.com

colin012

  • Hero Member
  • *****
  • Offline Offline
  • Posts: 851
  • NXTOrganization Marketing
    • View Profile
  • Karma: +65/-17

I recently came up with an interesting idea for making better passwords you might like to implement. OK, so there is this website that generates true random numbers using atomic decay. It has a Java library but also an http api if you don't use Java (I don't know what language you used for keystash).

Because the numbers are true random, this makes it more ideal for password generation as it has even distribution. It also runs over an encrypted https connection making it hard to intercept the numbers used.

On the downside, you have to trust the website and the machine that makes the numbers and hope nobody takes the time to decrypt that connection you made when generating the numbers.

Well, I came up with a solution to this problem... You take a true random number from this website, then add it to a fractional pseudorandom number greater than the negative of the true random number and less than or equal to the number of choices in the array minus the true random number generated by Java's SecureRandom class and round it to the nearest whole number. This is a way of getting around the uneven distribution of even + even = even, odd + odd = even, even + odd = odd. In other words any equation involving adding numbers is more likely to end up even than odd. If you add a random fractional number, it has an equal chance of staying even or switching to odd when rounding is involved. You use the resulting number to select the character or number from the array of possible choices.

This method should lead to more even distribution of the possibilities and because there is an additional pseudorandom number added to the original number, the result is trustless. Even if the true random number website starts to broadcast the same number, over and over again to try and control the resulting password they will just end with a standard pseudorandom number between zero and the index of the last result in the array which is no worse than where you started off just using your standard pseudorandom number.

So really there is nothing to lose with this method and true random password generation to gain.
▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬  ▄▀▀▀▀▀▀▀▀▄  ▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬
▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬●  nimirum  ●▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬
▬▬▬ ◖ENDING CENSORSHIP ONLINE◗  ◖ ICO OPEN NOW◗ ▬▬▬

crimi

  • Board Moderator
  • Hero Member
  • ****
  • Offline Offline
  • Posts: 883
    • View Profile
  • Karma: +122/-11

Some time ago, i read a lot of stuff about PRNG and TRNG also about randomness from atmospheric noise, diceware etc. I saw also the downside that you than have to trust a website.

Than i finally found the answer i was searching for.

Quote
Just to clarify: The only TRUE random generator that exist in the universe is Quantum Random Bit Generator. There is no other mechanism that will assure you, that generated bits are totally random, because even if now you cannot predict the result there is no guarantee that you won't be able to to that in the future.

Quote
Quantum Random Bit Generator' (QRBG121), which is a fast non-deterministic random bit (number) generator whose randomness relies on intrinsic randomness of the quantum physical process of photonic emission in semiconductors and subsequent detection by photoelectric effect. In this process photons are detected at random, one by one independently of each other. Timing information of detected photons is used to generate random binary digits - bits. The unique feature of this method is that it uses only one photon detector to produce both zeros and ones which results in a very small bias and high immunity to components variation and aging. Furthermore, detection of individual photons is made by a photomultiplier (PMT). Compared to solid state photon detectors the PMT's have drastically superior signal to noise performance and much lower probability of appearing of afterpulses which could be a source of unwanted correlations.

I think if you have a private phrase that is long enough and you achieve a high entropy in it... You are good to go. They are more or less all PRNG.
PeerExplorer.com | NodeExplorer.com

Stagcoin

  • Full Member
  • ***
  • Offline Offline
  • Posts: 102
    • View Profile
  • Karma: +9/-6

Some time ago, i read a lot of stuff about PRNG and TRNG also about randomness from atmospheric noise, diceware etc. I saw also the downside that you than have to trust a website.

Than i finally found the answer i was searching for.

Quote
Just to clarify: The only TRUE random generator that exist in the universe is Quantum Random Bit Generator. There is no other mechanism that will assure you, that generated bits are totally random, because even if now you cannot predict the result there is no guarantee that you won't be able to to that in the future.

Quote
Quantum Random Bit Generator' (QRBG121), which is a fast non-deterministic random bit (number) generator whose randomness relies on intrinsic randomness of the quantum physical process of photonic emission in semiconductors and subsequent detection by photoelectric effect. In this process photons are detected at random, one by one independently of each other. Timing information of detected photons is used to generate random binary digits - bits. The unique feature of this method is that it uses only one photon detector to produce both zeros and ones which results in a very small bias and high immunity to components variation and aging. Furthermore, detection of individual photons is made by a photomultiplier (PMT). Compared to solid state photon detectors the PMT's have drastically superior signal to noise performance and much lower probability of appearing of afterpulses which could be a source of unwanted correlations.

I think if you have a private phrase that is long enough and you achieve a high entropy in it... You are good to go. They are more or less all PRNG.

I am familiar with HotBits. It relies on atomic decay and Heisenberg's Uncertainty Principle to generate bits. It is not quite TRUE TRUE random as there is a (very) negligible increased chance of generating a 1 or a 0. To further negate this already very minor favor, it alternates which bit is favored every bit. So, for the purpose of accessing the data, you have an equal chance of starting on a bit that favored 1 as you do of starting on a bit that favored 0. The error induced by this is 10 million times smaller than the error in the crystal ocelation clock used to measure the time between beta rays poping out of the radioactive material produces. So really, even if a hacker did guess the initial bit favored, the advantage they would gain would be so small that it wouldn't even be worth the effort they spent trying to make an educated guess.

More information here: http://www.fourmilab.ch/hotbits/how3.html

colin012

  • Hero Member
  • *****
  • Offline Offline
  • Posts: 851
  • NXTOrganization Marketing
    • View Profile
  • Karma: +65/-17

Some time ago, i read a lot of stuff about PRNG and TRNG also about randomness from atmospheric noise, diceware etc. I saw also the downside that you than have to trust a website.

Than i finally found the answer i was searching for.

Quote
Just to clarify: The only TRUE random generator that exist in the universe is Quantum Random Bit Generator. There is no other mechanism that will assure you, that generated bits are totally random, because even if now you cannot predict the result there is no guarantee that you won't be able to to that in the future.

Quote
Quantum Random Bit Generator' (QRBG121), which is a fast non-deterministic random bit (number) generator whose randomness relies on intrinsic randomness of the quantum physical process of photonic emission in semiconductors and subsequent detection by photoelectric effect. In this process photons are detected at random, one by one independently of each other. Timing information of detected photons is used to generate random binary digits - bits. The unique feature of this method is that it uses only one photon detector to produce both zeros and ones which results in a very small bias and high immunity to components variation and aging. Furthermore, detection of individual photons is made by a photomultiplier (PMT). Compared to solid state photon detectors the PMT's have drastically superior signal to noise performance and much lower probability of appearing of afterpulses which could be a source of unwanted correlations.

I think if you have a private phrase that is long enough and you achieve a high entropy in it... You are good to go. They are more or less all PRNG.

Maybe I am just paranoid. :( But I still think it would be easy to implement and would, if nothing else, be an advertising point. It may not contribute much to security but it would make stupid people like me feel safer. Even if it has practically no effect. :)
▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬  ▄▀▀▀▀▀▀▀▀▄  ▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬
▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬●  nimirum  ●▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬
▬▬▬ ◖ENDING CENSORSHIP ONLINE◗  ◖ ICO OPEN NOW◗ ▬▬▬
Pages: [1]