by bourgoin 1599 days ago
Here's what I'm wondering, and pardon me if this is a stupid question:

Why go through all of the trouble generating true randomness with a Geiger counter just to use the result as the seed to a PRNG, rather than using your true random method to generate the lottery numbers directly?

7 comments

Besides the point about a need to generate a large number of random numbers, there's another thing: you don't know the distribution of the true random generator exactly. You know it's random, but in addition to that, the distribution needs to be flat. That's why you use a PRNG with a known-to-be flat distribution to further process the entropy. As an interesting sidenote, though, Mersenne Twister doesn't have a particularly good distribution by modern standards. For this, I would use a cryptographically secure PRNG.
You can generally turn any random binary distribution into a uniform binary distribution by generating two bits, then if they're different, output the first bit, and if they're the same, ignore the result.
01 01 01 01 00 01 01 01 11 01

Doesn't seem to work... It depends on odd bits and even bits having the same distribution, which in many cases they won't.

Yes, the draws from the random distribution must be uncorrelated. But the mentioned algorithm does indeed produce a "flat" output in this case.
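The pair-discarding scheme debated in the comments above is known as von Neumann debiasing. The following is an added example, not code from any commenter: it runs the scheme on independent but biased bits and on the correlated sequence quoted in the thread. The 80% bias, the sample size and the seed are assumptions chosen for illustration, and Python's `random` stands in for the physical source.

```python
import random

def von_neumann(bits):
    """Read non-overlapping pairs; emit the first bit of each unequal
    pair and drop pairs whose two bits are equal."""
    out = []
    for a, b in zip(bits[0::2], bits[1::2]):
        if a != b:
            out.append(a)
    return out

def ones_fraction(bits):
    """Fraction of 1 bits in a sequence (NaN if it is empty)."""
    return sum(bits) / len(bits) if bits else float("nan")

def biased_independent(n, p_one, seed):
    """Constructed sample source: n independent bits with P(1) = p_one."""
    rng = random.Random(seed)
    return [1 if rng.random() < p_one else 0 for _ in range(n)]

# The sequence quoted in the thread: consecutive bits are strongly correlated.
THREAD_SEQUENCE = [int(c) for c in "01 01 01 01 00 01 01 01 11 01" if c != " "]

def demo():
    raw = biased_independent(200_000, 0.8, seed=1)  # assumed bias and size
    flat = von_neumann(raw)
    return {
        "raw_ones": ones_fraction(raw),        # about 0.8
        "flat_ones": ones_fraction(flat),      # about 0.5
        "yield": len(flat) / len(raw),         # about p(1-p) = 0.16
        "thread_output": von_neumann(THREAD_SEQUENCE),
    }

if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

With independent bits, P(01) = P(10) = p(1-p), so the output is uniform at the cost of discarding most of the input. The thread's sequence violates independence, and every surviving pair is `01`, so the output is all zeros.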
I'm guessing because the lottery system needed to generate a large number of random numbers (given that they are running lots of lottery systems), and this gives a fairly verifiable way of doing that from one initial chunk of randomness.

That said, I don't work in this area, so you should give my comment very little weight. :)

A Geiger counter counts from 0-9 repeatedly and stops when a muon is detected. I guess you could count longer but I think the 10 digit modulus is sufficient.. not sure. This is the random initialization.

I'm curious as to how you would actually successfully hide the control flow. The only thing I can think of would be some factorization, maybe a couple of mods, but that would be detectable. You don't want to explicitly modify the control flow per se. I mean you'd have to be able to hide it from code review... and then mathematical review.

He was the Security Director with privileged access to the production system. I don't think his changes went through code review.

I'm struggling to differentiate what's established fact and what's the author's theory in this article[0], but it sounds like he could have used a root kit on a USB thumb drive to modify the code directly on the production machine.

[0] https://privacysecuritybrainiacs.com/privacy-professor-blog/...

You can find people that will do a job but not really question what they're doing even if it should be questioned. Developers make spyware and do all kinds of terrible things; as long as they get paid, they just kind of do what is asked and don't ask too many questions.
This sort of implies that the developers just aren't thinking deeply about what they're building. Certainly possible, but you're also much more likely to get garbage software this way. Isn't it as likely (or more so) that the developers just believe in what they're building?
Typically true random stuff like Geiger counters do not have enough entropy in a single reading to be a true secret. They are statistically predictable and produce a curve of data.

By using it to seed a pseudo random number generator you are making the values come out in a completely flat distribution. The Geiger counter adds non-deterministic results while the pseudo random number generator adds entropy.

My understanding is that for this type of gaming, e.g. gambling, there are regulations governing the randomness and repeatability of the randomness for computer/electronic run games. Part of it is due to necessities of verification of sufficient randomness from the perspective of the gamer but also that of the gaming establishment. The game needs to be provably sufficiently random to the advertised odds for fairness to both the gamer and the gaming establishment.

For all intents and purposes, using a true source of randomness as the seed for something like a one-time use of Mersenne Twister as a pseudorandom number generator (PNG) is indistinguishable to an end user of true randomness. What it does do, though, is allow for reproducible testing to ensure you don't have an xkcd PNG [0].

Source: bar chat with a couple of friends & former coworkers who had spent time in that area of gaming (e.g. working on video poker machines destined for casinos), so take it with a grain of salt.

[0] https://xkcd.com/221/

The amount of entropy is usually limited. For the lottery, it doesn't seem like it would be a problem, but in general, you don't want your function calls to block while gathering "random data".
An Am241 source coupled to a detector sounds sophisticated, but it matches the description of a now-outdated type of ceiling smoke detector. It's probably not that mechanically elaborate.
Am241 smoke detectors (i.e. ionization smoke detectors) might be an older technology, but they’re extremely common, at least here in the US.