#randomness

divverent@pluspora.com

For those who would like to find out whether or not they should trust this password generator: https://pastebin.com/qyuqLeLk

It uses an not-quite-secure python standard RNG, and calls random.randint on it at least 1554 times (only looked at the first loop, there is more). In doing so, it gets at least 38035 bits of entropy out of random.randint. Too bad Python's RNG only has a state size of 19937 bits.

Problem, math?
Problem, math?

Yes, you read this right: even when generating just ONE password, random bits used in the generation correlate with each other. A rookie mistake.

Solution would be, of course, using random.SystemRandom to fix this flaw once and for all. I suggested this to the author before, but they wouldn't listen and make this one trivial change, and instead just made the random number generation more complicated.

Also, there are some sources of bias in the algorithm, but last time I checked they only lower password entropy by a few bits.

#security #cryptography #randomness #fail


reshare from @I Like Da Web

https://greyhatlaboratories.com/download-vb6-random-password-generator-beta-grey-hat-labs.html #password #security #ghl

dredmorbius@joindiaspora.com

HFT, Sequence Fuzzing, Randomness, and Repeatability

High frequency trading has popped up again on Hacker News with a couple of stories, "Is the U.S. stock market rigged? (cbsnews.com)[1] " and "U.S. stock markets are rigged, says author Michael Lewis (reuters.com)[2] ". As I've mentioned previously, HFT is something that troubles me, both on its own merits and on the statements of others (Warren Buffett, Mark Lewis, and others have criticized it strongly).

One solution that's occasionally mentioned is for either discrete-step trade processing, or randomly assigning lags to orders, with the fuzzing interval being such that HFT operators couldn't be assured of a timeslice within their range of advantage -- prehaps 1-10 seconds (this for a practice which relies on sub-milisecond timings).

And so I suggest a possible replayable yet gaming-resistant fuzzing mechanism.

More at the dreddit

#HFT #randomness #repeatability #trading

http://www.reddit.com/r/dredmorbius/comments/21tm8l/hft_sequence_fuzzing_randomness_and_repeatability/