The D&D Password Creator...

31 views
Skip to first unread message

Chris M. Thomasson

unread,
Jun 13, 2019, 3:13:13 AM6/13/19
to
A Box filled with 143, or higher, D-20 dice.

Shake the box, vigorously in all directions, not gimbal lock... ;^) for
around a minute... open the box, and read the results? ;^)

Read the faces...

Chris M. Thomasson

unread,
Jun 13, 2019, 3:18:59 AM6/13/19
to
Now... Wrt bias, perhaps I should get some unknown person to shake the
box to remove my own personal bias? Humm... Just some thoughts. Thinking
out loud here.

MM

unread,
Jun 13, 2019, 3:26:00 AM6/13/19
to
I don't get the point. Manual methods of generating randomness are well-understood.

The "coin-toss" incorporates, effectively, any mechanical object whose resting
position after agitation yields random output.

For automated processing in a real-world application, I just read /dev/random, or
whatever the OS's equivalent is.

M
--


Chris M. Thomasson

unread,
Jun 13, 2019, 3:29:09 AM6/13/19
to
I am being a bit sarcastic. However, a box of d20 shaken by a stranger,
should be a crude TRNG...? I am worried about using /dev/random... Read
here:

https://groups.google.com/d/topic/comp.lang.c++/7u_rLgQe86k/discussion
(read all...)

Experimentally using race conditions for a TRNG. A simple move of the
mouse can cast effects, and alter results.

MM

unread,
Jun 13, 2019, 3:38:19 AM6/13/19
to
On Thursday, 13 June 2019 08:29:09 UTC+1, Chris M. Thomasson wrote:
> Experimentally using race conditions for a TRNG. A simple move of the
> mouse can cast effects, and alter results.

A halfway-decent /dev/random does a lot of bit mixing from multiple sources,
and i would hope that entropy from mouse movements is in there.

Look at the Yarrow and Fortuna algorithms from Schneier /et al/, and the CSPRNG
documents FIPS-186-4 and NIST-800-90-A.

M
--

Chris M. Thomasson

unread,
Jun 13, 2019, 4:01:29 AM6/13/19
to
On 6/13/2019 12:13 AM, Chris M. Thomasson wrote:
For fun, imagine if the box was filled with strange broken mirrors as
well... Have a total stranger shake it up... So the reader can write
down other numbers that would not be normally be visible. It seems like
a crude way to extract more than one number from a single die?

Chris M. Thomasson

unread,
Jun 13, 2019, 5:17:31 AM6/13/19
to
I was given some strange advise to not totally trust something like:

https://en.wikipedia.org/wiki/Microsoft_CryptoAPI

Chris M. Thomasson

unread,
Jun 13, 2019, 5:24:27 AM6/13/19
to
I want to avoid the following song:

https://youtu.be/7YvAYIJSSZY

;^o

Chris M. Thomasson

unread,
Jun 13, 2019, 5:28:54 AM6/13/19
to
The sign on the side of the box, say please shake me... ;^)

Chris M. Thomasson

unread,
Jun 13, 2019, 5:33:08 AM6/13/19
to
Customs plays the following song:

https://youtu.be/ccenFp_3kq8

;^)

Rich

unread,
Jun 13, 2019, 9:00:49 AM6/13/19
to
I don't get the connection. You have a multithreaded program where you
output the non-deterministic results of when the threads get chosen
for execution by the kernel scheduler.

And of course a mouse move can change things, a mouse move results in
the kernel needing to execute some other code, changing the timing of
the executions of your code due to the interruptions. This is really
basic comp. arch. stuff here.

And you are worried about /dev/urandom (you really should use urandom,
the silly 'it blocks' aspect of /dev/random is, well, silly, and the
original reason given for why it did this has been thoroughly
debunked).

Rich

unread,
Jun 13, 2019, 9:02:59 AM6/13/19
to
Chris M. Thomasson <invalid_chris_t...@invalid.com> wrote:
Keep in mind that MSWin is closed source, and they have been known to
'cooperate' with certian govt. agencies in the past.

The crypto communities correct belief that the algorithm should be open
to all for inspection would be why you'd get suggestions not to trust a
MS closed source binary where you have no idea what it might 'really'
be doing.

That concern, however, does not translate to /dev/urandom on Linux or
/dev/random on the BSD's since both are open to inspection.

Rich

unread,
Jun 13, 2019, 9:05:08 AM6/13/19
to
Chris M. Thomasson <invalid_chris_t...@invalid.com> wrote:
I would think this would potentially admit bias. The position of the
numbers on the faces of the die are fixed at manufacture time.

Tossing the die and taking the number that ends at the top after it
settles would be random.

But once you have that random number on top, there is a *very direct*
coorelation of number positions on other faces to the face that is on
top. That would seem to potentially introduce bias.

Chris M. Thomasson

unread,
Jun 13, 2019, 7:22:59 PM6/13/19
to
I can see that! On a small label, it says from Eve with love. She wants
that bias.

Chris M. Thomasson

unread,
Jun 13, 2019, 7:26:28 PM6/13/19
to
I created the multi-threaded race condition for fun. Now, your point
about /dev/urandom being open source is very important for a possible
cure for my paranoia. ;^)

Chris M. Thomasson

unread,
Jun 13, 2019, 7:28:17 PM6/13/19
to
I still think the D&D box shaken by a stranger, without the broken
mirrors, should be a bit better? It is not being generated by a software
program... Jesting here. ;^)

Richard Heathfield

unread,
Jun 14, 2019, 12:27:05 AM6/14/19
to
On 14/06/2019 00:28, Chris M. Thomasson wrote:
<snip>
> I still think the D&D box shaken by a stranger, without the broken
> mirrors, should be a bit better? It is not being generated by a software
> program... Jesting here. ;^)

You may find it quicker to use d8s, since you can write the bits down
directly in octal.

(If you can find d16s for hex, so much the better.)

--
Richard Heathfield
Email: rjh at cpax dot org dot uk
"Usenet is a strange place" - dmr 29 July 1999
Sig line 4 vacant - apply within

Chris M. Thomasson

unread,
Jun 14, 2019, 2:33:02 AM6/14/19
to
On 6/13/2019 9:27 PM, Richard Heathfield wrote:
> On 14/06/2019 00:28, Chris M. Thomasson wrote:
> <snip>
>> I still think the D&D box shaken by a stranger, without the broken
>> mirrors, should be a bit better? It is not being generated by a
>> software program... Jesting here. ;^)
>
> You may find it quicker to use d8s, since you can write the bits down
> directly in octal.

Indeed.


> (If you can find d16s for hex, so much the better.)

Much easier! :^D

For fun, I was just thinking of using a 20-ary symbol table. Perhaps a
mapping of:

[0...19] = [0123456789abcdefghij]

Then I can convert it to any base I want. So:

chief would be 2063495 in base 10.

bighead should be 764301813.

deadbeef should be 17570173895.

Still fun to me. :^)
Reply all
Reply to author
Forward
0 new messages