The relevance of the following is not the crypto (I know nothing, I, know, nuszink on zis topik!), but the highlights regarding human nature to project not only authority upon external "others", but also to project one's own beliefs, or indeed even to project one's wants. That last bit (projecting one's wants) stood out to me today - an extension of the insight re projection.

----- Forwarded message from Zenaan Harkness <zenaan@freedbms.net> -----
From: Zenaan Harkness <zenaan@freedbms.net>
To: debian-user@lists.debian.org
Date: Wed, 30 Aug 2017 11:41:03 +1000
Subject: Re: One-line password generator

On Tue, Aug 29, 2017 at 02:28:01PM +0200, Thomas Schmitt wrote:
Hi,
now it's not about information technology any more but about math and the difficulty to properly discuss a mathematical opinion.
Zenaan Harkness wrote:
Which myth?
The one denounced by Thomas Huehn's article.
That's not true.
Saying that /dev/random gets fed directly from the entropy pool: https://www.2uo.de/myths-about-urandom/structure-no.png
WHERE in the article does he say that?!!! The article does not say that! The image might seem to suggest that. Once again: QUOTE THE ARTICLE!!! Then, QUOTE ME. Then, and only then, might you see where you are going wrong in your understanding. At the moment, what you keep doing is essentially handwaving, appealing to "the article", yet in the next paragraph denouncing (or expressing your dissatisfaction with) the article. You cannot have it both ways - as in, either you want precision in your own understanding, or you just want to hand wave about "that article" and "some cryptographers" and "what Ted Ts'o said" and what I said which you reply to. If you want to get close to understanding that which you're not understanding about cryptography, you MUST begin to be precise (no more handwaving exercises). Quote PRECISELY what someone (ANYONE!) said, and then quote, EXACTLY what an article or someone else says, that you want to compare the two statements with. Frankly Mr Thomas Schmitt, you continue to completely unfairly place a ridiculous burden upon your conversational compatriots to second- and triple-guess whatever it is that you might possibly think that you're trying to say, and furthermore guess and assume as to what it is you might be thinking (evidently mostly erroneously) which leads you to be trying to say whatever it is you're trying to say. Here's another homework task for you: Learn the art of axiomatic written communication.
Zenaan Harkness wrote:
I should have written "/dev/random should be treated as though it is the input feed to /dev/urandom" (sorry about that).
I wrote:
But that it isn't. The myth model says that it would be.
I can't see the myth in my words that you say is debunked
The word "myth" refers to the topic and title the article, not to your words.
I apologize for any implied belittling of your arguments. It was not intentional.
NO! Again you are misunderstanding me - you are failing to see that I completely welcome "belittling" of my arguments - I'm not here to win any cryptography awards, and if I'm wrong, I'd much rather know about it. Please see above for my actual points that I am raising. Your lack of precise communication is completely unfair to put on others when you are wanting to gain a deeper understanding of cryptography.
Exactly which part of my sentence above, do you say contradicts what you say just here?
The part that /dev/urandom is equivalent to stemming from /dev/random.
That is absolutely not what I said.
They are more or less siblings, according to Thomas Huehn and Andy Smith.
He might have said that, and you seem to want them to be, but both Huehn's and Smith's position, and your apparent want, are utterly unrelated to what I said. There's a name for this technique (unintended by you I presume) which is called "projection" - you want something to be a certain way, or assume it is a certain way, and so you project upon the words of others what you believe or want to believe. This projection is what you are doing in respect of my words. It stems from a lack of precision in your communication technique, and also from putting a VERY unfair burden on your co-communication partners, and BOTH these two points demonstrate a very unfair laziness on your part - you are wanting easy answers to difficult concepts, and are relying upon whoever responds to you to try and figure out what you're thinking, assuming, projecting and misunderstanding - in the world of cryptography, that's dangerous for you if your need for cryptography is related to your safety.
not a strongly obfuscated but still diluted result.
Yes, your naivety shines through.
I am not alone with that
https://en.wikipedia.org/wiki/Cryptographically_secure_pseudorandom_number_g... "A CSPRNG can "stretch" the available entropy over more bits."
Everyone in the world can be wrong about something, or any significant subset of the people in the world can be wrong about that thing. But this fact will never change the fact that they're still wrong about it.
1. That's wikipedia, not the bible of computational crypto.
2. The term "stretching" is a convenient metaphor.
3. To understand why "stretching" is an appropriate metaphor requires a deeper understanding of crypto than you or I seem to possess.
4. To understand why "stretching" is an inappropriate metaphor requires only to see that people keep getting led up the garden path of colourful metaphors.
(The authors of that page throw much more math terms than have been in this thread yet. Whether this makes them more credible stays undecided.)
Their credibility is not relevant to your lack of understanding. You seem to be personally desiring the result of "some external authority I can trust" vs my preferred personal approach of "comprehend enough personally to be able to analyse what purported authorities say on the topic, so that I don't have to rely upon them." Whether I have achieved my intention is completely up for debate - I may well be utterly delusional, and frankly you ought never rely on anything I ever say, about cryptography or otherwise. I am only an authority on what I believe that I comprehend about something, and to the extent that you seek any external (to yourself) authority to "trust" in respect of computational cryptography, means I must, absolutely, distance myself from you, as any reliance you put on me is a danger of liability to me. You cannot rely upon what I say about cryptography, so don't even think about so relying!
Maybe the answer by Jalai in https://crypto.stackexchange.com/questions/1740/stretching-a-random-seed-to-... points out a lower limit for the loss of entropy by exploiting the key of a cipher. Maybe it's a red herring.
Many possibilities, and no one you can rely upon or trust about it - I suggest the only safe approach is being suspicious of anyone proclaiming authority, ESPECIALLY in respect of any matter which might affect you personally.
This is not the place to gain a deep understanding of cryptographically secure random numbers
You tell me
So you say! And so you kept implying, and now you so say explicitly!
that if I read 1024 bytes from a not very secret stream that was encrypted with a secret 384 bit key i get 1024 bytes of entropy ?
You are now putting words in my mouth. You have crossed a line. Do not do this again. (The way you have done this is in a way which would undermine the separation of authority between myself, yourself, any external authority I may otherwise choose to trust, and vice versa for yourself, were I to accept your projected assumptive authority!) Take my words as you will, but this technique is completely unacceptable to use in your conversation with me, so speak for yourself! I shall finish replying to this email, but you can expect fewer responses from me going forward.
I'd like to read the proof for this.
Whatever proof you need for your own strawmen is a matter for you - attempting to extract things out of others in a way which they would find disrespectful if they understood what you did, is something one might consider striving to avoid.
If you want to comprehend the significance of your naivety, find the number of molecules in the universe,
What does this have to do with the question whether N bits of information can give birth to more than N bits of information ?
How do you expect to comprehend the security of any computational crypto system you choose to use ("trust") if you won't even do the most basic "cryptographic" math when it is suggested to you that doing so may well give rise within you to the understanding you purport to seek? You must begin to be comfortable in your mind with certain concepts, and the interrelation of those concepts, and thus be able to communicate with others (if that's what you want to do) by naming and comfortably relating those concepts to one another. Again, how can you possibly gain within you the understanding you proclaim to seek, if you cannot communicate readily and freely on various --foundational-- (to cryptography) concepts? (This is an axiom of comprehension, also called a principle although the latter word is overloaded with socio-psychological meanings and thus less preferable for precise communication - but hey, I might be utterly off base on my axioms, so don't trust for a minute any axiom that I present - you would merely be projecting authority upon an external source (me) and failing to know from within yourself, which (according to this incredibly humble authority) is a "dick move".)
More suggested homework if you truly wish to feel comfortable with computer crypto (which, evidently it appears, you yet do not):
- magnitudes
- comparing magnitudes
- computational difficulty
- number spaces, and the magnitudes of number spaces
- why cryptography relies on numeric magnitudes
- what it means, computationally, to rely on a numeric magnitude
- how the magnitude relied upon in the kernel random devices relates to the real world, in a way which is actually useful (this is your "atoms in the universe" homework bit)
- understand the difference between the "stretching" metaphor which was provided by the kernel and other tech heads as an analogy to try to explain difficult concepts to those of us who struggle to comprehend what's involved in these algorithms
- the difference between information-theoretically secure and computationally secure
- the difference between theoretical and infeasible computational security (protip: search term "information theoretic")
you're going down completely non-productive rabbit holes,
I would like to know how one can be so sure that the holes are not productive.
Your "productivity" is a damn lazy imposition you appear to continue putting on those other than myself who apparently wish to assist in your search for crypto understanding.
without spending the necessary effort to learn about the maths,
Oh. It's not the math. It's the jumps in the argumentation and the lack of proof for strong statements.
Which you will always flounder around when you have such little comprehension of the maths involved. This is what I have termed "cotton wool" thinking - where we want all our cake (the nice secure crypto in this example) AND to eat it too (in this example, to understand it to a level where we feel safe in using it, but without putting the effort in to actually bake the cake - we just want to eat it without effort). You can never have it both ways - either you learn, or you will forever continue to rely on external authorities who appear to contradict one another, and some proclaimed authorities who do contradict one another, and many (!) proclaimed authorities who simply have it wrong.
I can be convinced. Just give me links to convincing texts.
You do the work - it's your journey! As I said, nothing I say can be relied upon, so there's no use me saying anything to you, unfortunately.

Respectfully,
Zenaan

----- End forwarded message -----
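The concrete question buried in the thread above (whether 1024 bytes read from a generator keyed with a 384-bit secret can carry 1024 bytes of entropy, and what the "stretching" metaphor does and does not mean) can be checked directly rather than argued. The following is an added, self-contained demonstration; it is not code from the thread, from Thomas Huehn's article, or from the Linux kernel. It uses SHA-256 in counter mode as a stand-in for any deterministic expander (the kernel's own construction is different and is not modelled here), and deliberately uses tiny seed spaces (4, 8, 12 bits) so that every possible seed can be enumerated. The function names `expand`, `distinct_outputs` and `output_entropy_bits` are this example's own.

```python
"""Output entropy of a deterministic expander is bounded by seed entropy.

Added example (not from the mailing-list thread). The expander below is a
stand-in: SHA-256 over (seed || counter). Any deterministic generator
behaves the same way for the purpose of this demonstration.
"""
import hashlib
import math
from collections import Counter


def expand(seed: bytes, nbytes: int) -> bytes:
    """Toy CSPRNG: concatenate SHA-256(seed || counter) until nbytes are produced.

    Deterministic: the same seed always yields the same output stream, which
    is exactly why the output can never contain more entropy than the seed.
    """
    out = b""
    counter = 0
    while len(out) < nbytes:
        out += hashlib.sha256(seed + counter.to_bytes(8, "big")).digest()
        counter += 1
    return out[:nbytes]


def _seed_bytes(value: int) -> bytes:
    # Seeds are encoded as 2 bytes; enough for the <= 16-bit spaces used here.
    return value.to_bytes(2, "big")


def distinct_outputs(seed_bits: int, nbytes: int) -> int:
    """Enumerate every seed of `seed_bits` bits and count the distinct outputs.

    Regardless of `nbytes`, the count can never exceed 2**seed_bits: the
    generator is a function, so it has at most one output per seed.
    """
    outputs = {expand(_seed_bytes(s), nbytes) for s in range(1 << seed_bits)}
    return len(outputs)


def output_entropy_bits(seed_bits: int, nbytes: int) -> float:
    """Shannon entropy (bits) of the output when the seed is uniformly random.

    This is the information-theoretic quantity the thread argues about. It is
    at most `seed_bits`, no matter how long the output is.
    """
    total = 1 << seed_bits
    counts = Counter(expand(_seed_bytes(s), nbytes) for s in range(total))
    return -sum((c / total) * math.log2(c / total) for c in counts.values())


if __name__ == "__main__":
    nbytes = 1024
    for bits in (4, 8, 12):
        n = distinct_outputs(bits, nbytes)
        h = output_entropy_bits(bits, nbytes)
        print(f"{bits:2d}-bit seed -> {nbytes}-byte output: "
              f"{n} distinct outputs, {h:.2f} bits of entropy "
              f"(output length is {nbytes * 8} bits)")
```

Run stand-alone, the script shows that a 12-bit seed expanded to 8192 output bits yields at most 4096 distinct outputs and exactly 12 bits of Shannon entropy. That is the precise sense in which N bits of seed cannot "give birth" to more than N bits of information: the output is computationally indistinguishable from random to anyone who cannot search the seed space, but its information-theoretic entropy is capped by the seed. With a 384-bit key the seed space (2^384) is far beyond any feasible enumeration, which is why the distinction is between computational security (what such a generator provides) and information-theoretic security (which only the seed bits themselves have).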