1. Forum
  2. USENET
  3. sci.crypt

  • Re: MEGARAND Extreme Random Data Generator

    From Battosai@cuadratica@protonmail.com to sci.crypt on Thu Sep 25 05:37:26 2025
    From Newsgroup: sci.crypt

    Byrl Raze Buckbriar <news0@octade.net> wrote:
    MegaRand - build a large random entropy pool with no period,
    pattern, or bias.

    I've analyzed your MegaRand code and must express serious concerns about
    its cryptographic validity and the misleading claims.

    The code primarily sources entropy from /dev/urandom (a PRNG), then
    engages in extensive file system operations and data transformations
    that provide no additional entropy. The complex directory structure
    and multiple shuffling operations are computationally expensive but cryptographically irrelevant - they cannot increase entropy beyond
    the initial /dev/urandom seed.

    Most concerning is the final step: encrypting the random pool using
    a key derived from itself. This is cryptographically meaningless and
    provides no security benefit. The ChaCha20 encryption of already-
    random data with a key derived from that same data is equivalent to
    applying multiple identity transformations.

    As someone working with genuine entropy sources (atmospheric noise
    capture for one-time pads), I must emphasize that true randomness
    requires physical entropy sources, not elaborate transformations of pseudorandom inputs.

    This implementation appears to be security theater rather than cryptographically sound design.

    - Battosai
    --- Synchronet 3.21a-Linux NewsLink 1.2
  • From Byrl Raze Buckbriar@news0@octade.net to sci.crypt on Wed Nov 12 23:20:14 2025
    From Newsgroup: sci.crypt

    On Thu, 25 Sep 2025 05:37:26 -0000 (UTC)
    Battosai <cuadratica@protonmail.com> wrote:

    This implementation appears to be security theater rather than cryptographically sound design.

    Really? An anonymous cartoon character wants to talk about theater?

    How ironic.

    I am not moved to expend any energy refuting this cartoon's false analysis. If any real human with a real public corpus of work wants to ask about my scripts then I would be willing to address such real people provided they are free of both deceit and hidden motives.

    --- Synchronet 3.21a-Linux NewsLink 1.2
  • From Rich@rich@example.invalid to sci.crypt on Sat Nov 15 02:18:02 2025
    From Newsgroup: sci.crypt

    Byrl Raze Buckbriar <news0@octade.net> wrote:
    On Thu, 25 Sep 2025 05:37:26 -0000 (UTC)
    Battosai <cuadratica@protonmail.com> wrote:

    This implementation appears to be security theater rather than
    cryptographically sound design.

    Really? An anonymous cartoon character wants to talk about theater?

    How ironic.

    I am not moved to expend any energy refuting this cartoon's false
    analysis. If any real human with a real public corpus of work wants
    to ask about my scripts then I would be willing to address such real
    people provided they are free of both deceit and hidden motives.

    The effort of proof falls upon those making grandiose claims. You are apparently claiming your system provides better randomness than other conventional methods. This, despite the fact that in 99.9% of the
    cases, every instance of "I have a better widget" as it regards
    cryptography or randomness is snake-oil.

    Therefore the burden is upon you to show that your claims have merit.
    The analysis by the nik Battosai is statistically more likely to be
    100% correct than not in this instance.

    --- Synchronet 3.21a-Linux NewsLink 1.2