[OT] Combinatronics WAS Re: /dev/random and linux security issues (kinda long)
aluminumsulfate at earthlink.net
Sun May 15 21:24:00 EDT 2005
From: Benjamin Scott <dragonhawk at iname.com>
Date: Sun, 15 May 2005 20:42:38 -0400 (EDT)
<snip>
> If the series is statistically random, then the probability of getting *any*
> set of N characters is the same. If you have a statistically random penny,
> for example, and you flip it 20 times, you have just as much a chance of
> getting 20 heads as you do 10 heads, because each individual flip is strictly
> 50/50, and each flip has no bearing on any other flip. The fact that you get
> 10 heads in a row does not mean the next one should be tails to "start making
> up for the previous 10 heads".
You said you... flunked? combinatorics. :)
If I take my... statistically random penny... and flip it 20 times, the
probability of getting 20 heads is (1/2)^20, or 1/2^20.
The probability of getting 10 heads in 20 flips is:
20C10 (1/2)^10 (1/2)^(20-10) = 20C10 1/2^20
without even calculating 20C10, you can see this is 20C10 times more
likely than getting 20 heads.
The reason for this is that the 20 trials *are* related to each other
in one important way: you're counting them.
> Of course, as aluminumsulfate at ... discovered, when it comes to matters of
> crypto, one's own tools tend to be the first source of trouble. This is why
> peer review of crypto software is absolutely critical.
I think the lessons learned here are:
(1) Always double check your crypto.
(2) Never use Perl BigInt's for anything ever... especially crypto.
(3) When in doubt, use LISP.
:)
> --
> Ben <dragonhawk at iname.com>
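
An added example, not part of the original message: the reply's calculation in exact arithmetic, cross-checked by enumerating all 2^20 flip sequences. It separates one particular ordered sequence (probability 1/2^20 whatever it contains) from the event "10 heads in any order", which covers 20C10 sequences. The function names are this example's own.

```python
from collections import Counter
from fractions import Fraction
from math import comb


def p_exact_heads(n, k):
    """P(exactly k heads in n fair flips, in any order) = nCk / 2^n."""
    return Fraction(comb(n, k), 2 ** n)


def p_specific_sequence(n):
    """P(one particular ordered sequence of n fair flips) = 1 / 2^n."""
    return Fraction(1, 2 ** n)


def head_count_tally(n):
    """Brute force: walk every n-bit integer (bit 1 = heads) and count how
    many distinct sequences produce each total number of heads."""
    return Counter(bin(seq).count("1") for seq in range(2 ** n))


if __name__ == "__main__":
    n = 20
    tally = head_count_tally(n)

    # The closed form and the enumeration must agree for every head count.
    for k in range(n + 1):
        assert Fraction(tally[k], 2 ** n) == p_exact_heads(n, k)

    print("any one specific sequence:", p_specific_sequence(n))
    print("exactly 20 heads         :", p_exact_heads(n, 20),
          f"({tally[20]} sequence)")
    print("exactly 10 heads         :", p_exact_heads(n, 10),
          f"({tally[10]} sequences)")
    print("ratio 10 heads : 20 heads:",
          p_exact_heads(n, 10) / p_exact_heads(n, 20))
```
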