On Tue, Dec 19, 2017 at 03:35:21PM -0800, Ryan Carboni wrote:
What if the world isn't dysfunctional? What if it is so by design? What if all nonfeasance and misfeasance is really malfeasance? Isn't the difference between a democracy and a dictatorship a matter of active consent vs passive consent? If five hundred random people were stuffed into Congress and made the laws, would they run the country in the same way? Well, I suppose there are true heroes, like Litt who said that DES couldn't be cracked, and Clapper, who said a "truth" to Wyden who really should have known better.
Anything exceptional that I pointed out is a product of pure deduction, a quality few possess, that the school systems intentionally attempt to deprive their students of.
To perhaps parody Cloudflare's complaint about ARX-512 making ChaCha20 nearly as fast as AES-NI, clearly Linux's /dev/random/ is not fully understood and should be avoided. For the entropy estimate only counts the entropy of individual events, but not the total combinatorial complexity. Since operating systems have no real time guarantee, and all entropy is a product of unobserved events, the order in which events occur certainly adds entropy. Given that combinatorial complexity is not factored in entropy estimates, the entropy estimate should be considered flawed.
In fact, this combinatorial complexity significantly impacts one's ability to manipulate the output of the generator
And/or ability to predict the output of the generator. But in a useful way from the perspective of the user seeking "secure" random streams.
without knowing the full state, and it might be dangerous for /dev/random/ to treat any source of entropy as 8 bits per byte.
If you think you got this from the code, you might be mistaken - just because /dev/random mixes entropy as bytes, does not mean it makes a determination that 8 bits of entropy are available from every byte.
Perhaps only those capable of communicating in pure deduction can be trusted by others capable of communicating in the same fashion.
Perhaps those who put out vague statements not directly referenced to specific code should advise themselves that doing so is less than useful to the discussion on the cryptographic quality of the Linux kernel's /dev/random stream.
Of course the ability to deduce has long been regarded as the prerequisite to investigate or understand anything, and is the foundation of all logic and reason.
And the haughty presumptions arising from a misplaced certainty in one's own capacity to know and to reason about reality (e.g. the source code actually used to drive the Linux kernel's /dev/random, to pick a totally, ahem, random example), may also arise from our "modern" "education".
In the end though, I must repeat someone else's observation, that Google could flip a switch, and 7% of all internet traffic will use a new protocol they devised. I would prefer, in the following order, MitM-vulnerable cryptography, backdoored forward secret ciphers, and then key length restrictions. Not... an impossible-to-design product, with the source code given to any government (Kaspersky gives their code to the US, IBM gives their source code to Russia)... Hmm.
You can make any software licensed under the GPL if you demand it I suppose (yet it doesn't stop bundling anything with proprietary code). So much happening right in front of your eyes, I doubt if you object to any of it, you can possibly stop it.
You have freedom within the limits of your personal capacity, including the "right" to expand those limits to the extent of your ability, limitations, and will. Good luck,
P.S. To expound upon my previous statement that what one says only has to be facially true: the argument barely has to justify itself; even using weak evidence, the audience may very well accept what you say as truth. This makes anything you learn about debating a cruel waste of time.
Pick your audience.