[ 3 / biz / cgl / ck / diy / fa / g / ic / jp / lit / sci / tg / vr ] [ index / top / reports / report a bug ] [ 4plebs / archived.moe / rbt ]

If you can see this message, the SSL certificate expiration has been fixed.
Become a Patron!

/g/ - Technology

View post   

[ Toggle deleted replies ]
File: 42 KB, 1280x720, ezrand.jpg [View same] [iqdb] [saucenao] [google] [report]
72381563 No.72381563 [Reply] [Original] [archived.moe] [rbt]

Technically speaking "chances" are not real, your aren't actually "following the wind" in random number generation.
So, basically, a 100 is predetermined.
What's stopping folks from running a simulation on Unix Epoch to get a 100%?

Why this isn't done? Take game lootboxes, why isn't anyone running a simulation and opening the box at xx:xx?

Most use rand(), and most use x86 architecture

>> No.72381624
File: 98 KB, 782x767, 22f.jpg [View same] [iqdb] [saucenao] [google] [report]

Because seeding from system time is generally insecure.
>what is rdrand/rdseed

>> No.72381625

People are not as stupid as you assume them to be

>> No.72381653

It's not news. Yes, it can be exploited obviously. Most of the time, it's not worth exploiting. Just because you know a fault in a system, doesn't mean you can easily exploit it to your advantage.

>> No.72381677

Try it, then explain to the /g/ class what you learned :D

>> No.72381718

>explain to the /g/ class what you
So by this, this means basically intel has "every CPU different" or else how do you make a source for this particular "random"?
Yeah, i know, i just don't like lootboxes and tought, uuuuuuuhm
Not everyone has a collar attached to their cat

>> No.72381769

Loot boxes or anything else random in an online game is going to do the RNG server side anyway if the devs have a brain larger than a walnut

>> No.72381774

true random numbers can be generated from feedback noise of two transistors, which can depend on quantum fluctuations if properly insulated.

>> No.72381775


>> No.72381778

WOW THIS BLEW MY MIND, Intel uses THERMAL Temperature to generate a stream. WOW
Yes, exactly, that's why you just need to take the "server time"

>> No.72381790

Rdrand is seeded from a hardware csprng that generates more entropy than rand() or mersenne twister algorithms.
They are different because there is a piece of hardware the reseeds rdrand after so many bits of data are read from it.

>> No.72381801

Meant for

>> No.72381831

>Yes, exactly, that's why you just need to take the "server time"
Subsequent calls to rand() change the result. Good luck figuring out how many times the game server called rand() and when the last time the sever was seeded. Let alone the fact that there can be multiple servers with different seeds and startup times balancing the server load. You will find this task impossible without additional knowledge.

>> No.72381849

>Yes, exactly, that's why you just need to take the "server time"
And you do that by......

Common anon think.

>> No.72381875

Is this provided in major compilers like MSVC or GCC?? How to use it?

R-right, i did not figure it out, but still, it's actually simple if you are dedicated, and take some tries collecting data

>> No.72381924

Uint32_t rnd_int32 = 0;

That's about gist of it, I'm phone posting so it might be fucked, just look up compiler intrinsics rdrand

>> No.72381989

Thanks, is this inside a header file?

>> No.72382039

Thanks, i started understanding now... i did not know those type of function existed in a compiler

>> No.72382045

Knowing the step solves a tiny tiny bit of the problem. The real problem is you have no idea how rand is used and what the current step will be when trying to exploit a remote server.

Also, that callback, that's runtime specific isn't it? I'm pretty sure rand() (and its implementation) are extremely lax in requirements so there is no guarantee the target server will have an implementation that is even remotely similar.

>> No.72382103


Just looked it up. Its a built-in function for GCC. Means nothing unless you know that the target is using the exact same rand implementation. Which is something you cannot assume and I don't think you could easily find out.

>> No.72382107

Good luck guessing the seed and the number of times rand has been called when your request arrives.

>> No.72382230

If it worked like that people would be doing it already.

Name (leave empty)
Comment (leave empty)
Password [?]Password used for file deletion.