11-06-2014, 08:28 AM
By random we mean the results of one selection from the series are independent of the results for the next.
In a computer program, we know, since it must have been produced using a deterministic 'program' that the results are not truly independent. So the point is to use a program which is sufficiently complex that, given full knowledge of the steps involved, and any reasonable knowledge of past results, we cannot predict future results.
Some programs are poor at this.
PHP rand(), for example, only requires knowledge of three sequential 32-bit results to correctly predict the next. Obviously, this is too weak. But note it requires knowledge of the exact three values. Rand() always returns a set of 32 bits. But, for, say, gender, we only need one of them.
So, assuming rand() is used (it's not), if you're going to attack Gender, you will need exact results for the previous 12,884,901,888 cats produced. In other words, assuming the ONLY randomness is Gender (it's not), one needs the exact gender of every cat ever produced over the past four years, and which will be produced over the next four years, in the precise order of production, with no error or omission. Then one would need to search the entire set of 4,294,967,296 possible series, to correctly predict the Gender of the next cat produced (and, by extension, all future cats).
So, OK,
- assume KittyCatS ignored all advice every PHP programmer would give them
- and assume the random series for Gender is kept separate and intact over 8 years
- and assume you have perfect knowledge of the exact, time-ordered 13 trillion cats produced over those 8 years
- and you have a computer which can search the attack surface of 4.26 trillion points in some reasonable time (say a few days)
then, sure, you can perfectly predict Gender .. FOUR YEARS FROM NOW!
See what I mean about "good enough for the intended use"?
drat. see? off-the-cuff answers are so easy to make math errors.
not 8 YEARS .. I drop some zeroes in my head .. it's 8 MILLENNIA. So, get cracking, and let my descendants know when you finally succeed.
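An added illustration, not part of the original post and not PHP's actual rand() implementation: for a generic 32-bit linear congruential generator whose multiplier and increment are unknown, three consecutive full outputs are enough to compute the next one, which is why a value that matters should come from a CSPRNG instead. The constants, seed and function names are assumptions chosen for the example.

```python
import secrets

M = 2**32  # modulus of the toy generator (assumed known to the observer)

# Illustrative LCG constants (the well-known Numerical Recipes pair).
A, C = 1664525, 1013904223


def lcg_next(state, a=A, c=C):
    """One step of a generic 32-bit LCG; the full state is the output."""
    return (a * state + c) % M


def recover_params(x0, x1, x2):
    """Solve for (a, c) from three consecutive full outputs.

    x1 = a*x0 + c and x2 = a*x1 + c (mod M), so
    a = (x2 - x1) * (x1 - x0)^-1 (mod M). The inverse exists only
    when (x1 - x0) is odd, because M is a power of two.
    """
    d0 = (x1 - x0) % M
    d1 = (x2 - x1) % M
    if d0 % 2 == 0:
        return None  # not invertible mod 2^32; more samples are needed
    a = (d1 * pow(d0, -1, M)) % M
    c = (x1 - a * x0) % M
    return a, c


def predict_next(x0, x1, x2):
    """Predict the fourth output from the first three, or None."""
    params = recover_params(x0, x1, x2)
    if params is None:
        return None
    a, c = params
    return lcg_next(x2, a, c)


def secure_gender():
    """Hardened draw: one bit from the OS CSPRNG, no recoverable state."""
    return secrets.randbelow(2)


if __name__ == "__main__":
    seed = 20141106  # constructed sample seed
    x0 = lcg_next(seed)
    x1 = lcg_next(x0)
    x2 = lcg_next(x1)
    print("predicted:", predict_next(x0, x1, x2), "actual:", lcg_next(x2))
    print("CSPRNG gender bit:", secure_gender())
```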