2020. 2. 28. 08:41ㆍ카테고리 없음
The CPU architecture bit size (32-bit) has no impact on the random range. You can implement an arbitrary length RNG on any machine.Based on the article it seems that the flaw is that the machine uses the timing of human interaction as a significant seed source. This works well enough for unaware people, but as evidenced here is super easy to exploit once the knowledge is out there.
Using time (e.g. The time the program started) as the PRNG seed is a very common security flaw. Otherwise experienced engineers keep making this mistake even in 2017. I assume you understood that by timing I didn't mean seconds from 1970. Beyond that this seems to be getting into semantics territory on how we define 'seed'. To be clear, I agree with what you're saying about the PRNG flaw.We can probably agree that PRNG is a function that takes an input and produces an output. I guess you take issue with me calling this input the seed.
My use is probably a simplification indeed, but I thought one that doesn't change any principles. Because the user's interaction timing is crucial, it seems pretty clear to me that the exploit is about influencing the input of the PRNG. We can call this input something else, e.g. Internal state. Or we can call it the seed. The Wired story was not accurate.
It's true that some early (late 70s) UK electronic slot machines had predictable payout series, but this was quickly noticed and fixed. It is trivially simple to build electronic slot machines that are not beatable by observing any reasonably short series of outcomes (for that matter, from observing over the lifetime of the machine).The successful electronic slot machine hacks in the last 35 years have all involved either measuring internal machine states or modifying the machines.In this case, the machines were modified to allow profitable play. This is done either to sell the machines to naive casinos (which is what the Russians did in this case) or to casino managers who use them to skim (the manager's confederates win money which need not be reported to casino owners or tax authorities).Another practice is to modify machines to extract the maximum amount from players, exploiting behavioral tendencies, rather than giving random payouts as required by regulation in most jurisdictions. Advantage gamblers sometimes discover these machines and use the knowledge to play profitably. But it's not enough to observe a few dozen outcomes, you need to know something about how the payoffs are structured.You won't find these machines in Nevada, because (a) the regulators are smart and powerful and (b) the place is too big a gold mine to risk over small increases in slots revenue. But there are lots of places with inattentive or weak regulators, in which slots is the whole ball game. Detecting and collecting quantum noise in semiconductors is nothing exotic.
Johnson-Nyquist noise (thermal noise across a resistor or within a capacitor) is relatively easy to measure within an integrated circuit, and is how Intel's RDRAND, Via's true randomness instructions, etc. Another cheap option is to reverse-bias an LED, paint it black, and measure the leakage current, affected by both Johnson-Nyquist noise and redioactive decay / cosmic rays.There's little to no excuse for these slot machines not including at least a crude quantum noise collection circuit. Collecting quantum noise in a circuit is nothing exotic and only requires a hand full of transistors and a couple of capacitors. I'm a bit sad that ARM didn't include a quantum noise instruction in the basic arm64 instruction set.On a side note, it's a shame that WiFi and BlueTooth chipsets don't all have a linear feedback shift register accumulating radio noise. They're already measuring noise and detecting bit errors.
Aristocrat Mk6 Manual 2017
With only a few extra transistors, they could be made to expose radio noise to the kernel for use in /dev/urandom and friends.