using "reserved" IPv6 space
Stephen Sprunk
stephen at sprunk.org
Thu Jul 19 17:47:52 UTC 2012
On 19-Jul-12 07:47, Mark Andrews wrote:
> In message <CAAAwwbXh1wS_9aX4FwGrqmSBJmKGJ0nWHRi9EN53HtL36VhSSg at mail.gmail.com>, Jimmy Hess writes:
>> When numbers are selected by choosing a random value; certain ratios of bits set to "1" are more likely to occur than other ratios of bits set to "1".
>>
>> A random generator that is operating correctly, is much more likely to emit a number with 50% of the bits set to 1, than it is to emit a number with 0% of the bits set to 1, given a sufficient number of bits. If the ratio is inconsistent by a sufficient margin, and your sample of the bits is large enough in number, you can show with high confidence that the number is not random; a 1 in 10 billion chance of the number being randomly generated, would be pretty convincing, for example.
> Actually you can't.
>
> fdaa:aaaa:aaaa has 20/20 0/1 bits but is entirely non random.
> fdf0:f0f0:f0f0 has 20/20 0/1 bits but is entirely non random.
>
> The ratio of the number of bits doesn't tell you anything about whether
> the number was random or not.
He oversimplified the real entropy test, which covers those cases.
For a sufficiently long stream of random bits, there should be twice as
many runs of length 1 as runs of length 2, twice as many runs of length
2 as runs of length 3, etc. And for each length, they should be evenly
divided between runs of 0s and runs of 1s.
Of course, 40 bits is nowhere near "sufficiently long", but you can
score the entropy and set a lower bound for acceptability. The two
examples above would get very low entropy scores, far below any sensible
lower bound.
>> That is extremely improbable. If you generate a million ULA IDs a day, every day, it is expected to be over 1000 years before you generate one of those two.
> improbable != impossible
All RFC 4193 ever claimed to offer was improbability. If that's not
good enough, get a GUA from your RIR.
S
--
Stephen Sprunk "God does not play dice." --Albert Einstein
CCIE #3723 "God is an inveterate gambler, and He throws the
K5SSS dice at every possible opportunity." --Stephen Hawking
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 2312 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20120719/cc007417/attachment.bin>
More information about the NANOG
mailing list