Quantcast
[ 3 / biz / cgl / ck / diy / fa / g / ic / jp / lit / sci / tg / vr ] [ index / top / reports / report a bug ] [ 4plebs / archived.moe / rbt ]

If you can see this message, the SSL certificate expiration has been fixed.
Become a Patron!

/g/ - Technology


View post   

[ Toggle deleted replies ]
File: 42 KB, 1280x720, ezrand.jpg [View same] [iqdb] [saucenao] [google] [report]
72381563 No.72381563 [Reply] [Original] [archived.moe] [rbt]

Technically speaking "chances" are not real, your aren't actually "following the wind" in random number generation.
So, basically, a 100 is predetermined.
What's stopping folks from running a simulation on Unix Epoch to get a 100%?

Why this isn't done? Take game lootboxes, why isn't anyone running a simulation and opening the box at xx:xx?

Most use rand(), and most use x86 architecture

>> No.72381624
File: 98 KB, 782x767, 22f.jpg [View same] [iqdb] [saucenao] [google] [report]
72381624

Because seeding from system time is generally insecure.
>what is rdrand/rdseed

>> No.72381625

People are not as stupid as you assume them to be

>> No.72381653

>>72381563
It's not news. Yes, it can be exploited obviously. Most of the time, it's not worth exploiting. Just because you know a fault in a system, doesn't mean you can easily exploit it to your advantage.

>> No.72381677

Try it, then explain to the /g/ class what you learned :D

>> No.72381718

>>72381624
>explain to the /g/ class what you
So by this, this means basically intel has "every CPU different" or else how do you make a source for this particular "random"?
>>72381653
Yeah, i know, i just don't like lootboxes and tought, uuuuuuuhm
>>72381677
Not everyone has a collar attached to their cat

>> No.72381769

>>72381563
Loot boxes or anything else random in an online game is going to do the RNG server side anyway if the devs have a brain larger than a walnut

>> No.72381774

>>72381563
true random numbers can be generated from feedback noise of two transistors, which can depend on quantum fluctuations if properly insulated.

>> No.72381775

>>72381563
bazinga

>> No.72381778

>>72381624
>rdseed
WOW THIS BLEW MY MIND, Intel uses THERMAL Temperature to generate a stream. WOW
>>72381769
Yes, exactly, that's why you just need to take the "server time"

>> No.72381790

Rdrand is seeded from a hardware csprng that generates more entropy than rand() or mersenne twister algorithms.
They are different because there is a piece of hardware the reseeds rdrand after so many bits of data are read from it.

>> No.72381801

>>72381790
Meant for
>>72381718
From
>>72381624

>> No.72381831

>>72381778
>Yes, exactly, that's why you just need to take the "server time"
Subsequent calls to rand() change the result. Good luck figuring out how many times the game server called rand() and when the last time the sever was seeded. Let alone the fact that there can be multiple servers with different seeds and startup times balancing the server load. You will find this task impossible without additional knowledge.

>> No.72381849

>>72381778
>Yes, exactly, that's why you just need to take the "server time"
And you do that by......

Common anon think.

>> No.72381875

>>72381790
Is this provided in major compilers like MSVC or GCC?? How to use it?

>>72381831
R-right, i did not figure it out, but still, it's actually simple if you are dedicated, and take some tries collecting data

>> No.72381924

>>72381875
[Code]
Uint32_t rnd_int32 = 0;
__builtin_ia32_rdrand32_step(&rnd_int32);
[/code]

That's about gist of it, I'm phone posting so it might be fucked, just look up compiler intrinsics rdrand

>> No.72381989

>>72381924
Thanks, is this inside a header file?

>> No.72382039

>>72381924
Thanks, i started understanding now... i did not know those type of function existed in a compiler

>> No.72382045

>>72381924
>__builtin_ia32_rdrand32_step(&rnd_int32);
Knowing the step solves a tiny tiny bit of the problem. The real problem is you have no idea how rand is used and what the current step will be when trying to exploit a remote server.

Also, that callback, that's runtime specific isn't it? I'm pretty sure rand() (and its implementation) are extremely lax in requirements so there is no guarantee the target server will have an implementation that is even remotely similar.

>> No.72382103

>>72382045
https://gcc.gnu.org/onlinedocs/gcc/x86-Built-in-Functions.html

Just looked it up. Its a built-in function for GCC. Means nothing unless you know that the target is using the exact same rand implementation. Which is something you cannot assume and I don't think you could easily find out.

>> No.72382107

Good luck guessing the seed and the number of times rand has been called when your request arrives.

>> No.72382230

>>72381563
If it worked like that people would be doing it already.

>>
Name (leave empty)
Comment (leave empty)
Name
E-mail
Subject
Comment
Password [?]Password used for file deletion.
Captcha
Action