[Cryptography] Not so random numbers and really random ones, kinda look the same generally
dankolis at gmail.com
Tue Nov 19 13:49:32 EST 2019
Russ Allbery <eagle at eyrie.org> noted a day ago that bad random number generators
have serious consequences.
Russ A. cited an article at:
Describes an RNG used in the Ethereum ecosystem that is insanely, inconceivably
I note it is a fundamentally deceiving flaw. For instance, in a program I'm
writing, a process makes a filename randomly, hoping it never collides with
another issued one. Here are a few from the last few days' work:
Offhand, the problem is I might just say "looking good" and get on with
it. In this app's scope, that's fine actually. But the one described in the
above ends up repeating issued hashes routinely, so this is more like this
block of filenames:
One is repeated in the second block above. If this came from the lower
level code, for crypto it's utterly useless suddenly.
You might wonder if it's intentional for the Ethereum thing...
Anyway, I wrote this post not to rattle on about the above, but to note there
is really a fix without ANY maybe in it...
Here's a chip that measures thermal noise and makes numbers:
I'm surprised it's not in some motherboards now and supported in op systems.
Of course, an A/D converter and a diode will do the same thing. But the
physiological problem as above is a root cause of super duper incredibly
bad RNGs being tolerated.
They take effort to discover. Like the famous talking Barbie said before a
recall: "Math is hard".
Also, it may be possible to cook the books and leave a signature hiding in
an otherwise random-ish hash made. For instance, I think I could make an
'unfixer-upper' that changes the hash and marks it so the S-Box makes
decoding have some detectable property. This means a program of mine would
know instantly which encrypted text will be one of my set-aside ones I can
break. The marked property means perhaps only a small number of bits need
to be iterated, like for instance 2^12, and that private key will be
recovered. The conjugate of the S-Box is the point of departure for the
experiment, or crime-project, depending on your motive.... This is much
harder to detect as a black hat act than simply reusing a hash commissioned
number 100% intact. So for instance, if this was applied to Blockchain or
Ethereum at the 1% level, a black hat program could reliably hijack any of
that percentage at will with ease and without any supercomputing ...
Nothing to it. Finding properties that live through the S-Box(es) for marking
actual messages is probably hard. But they only need to 'live a little' and
be detectable statistically. If 2^12 tries are applied to a false pick, so
Time for hardware RNGs.
Of course, Linux has a hook for such a thing:
"The hw_random framework is software that makes use of a special hardware
feature on your CPU or motherboard, a Random Number Generator (RNG). The
software has two parts: a core providing the /dev/hwrng character device
and its sysfs support, plus a hardware-specific driver that plugs into that
But if the hardware doesn't have it, it's uncool to pretend a program is as
good, when at least some, as above, are very troubling....
Funny, just typing randomly on a keyboard under your direct control is much
better than an unseen program:
Dan Kolis aka: Mr. 7ee10592600533e7a0132ecd5d0937e5
Hmmm, did you notice that is the repeater, or did you think I wiggle-typed
on the keyboard?
my ref: cryptography, sent 19 Nov 2019 13:40
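As an added check, not from the post or any project it mentions: draw a batch of 128-bit hex tokens the way the filename code above does and test for repeats against the birthday bound, which says a genuinely uniform 128-bit source practically never repeats in a thousand draws. `TinyStateRng` is a constructed stand-in for the repeating generator the post describes; `secrets.token_hex` stands for the OS CSPRNG.

```python
import secrets


class TinyStateRng:
    """Constructed stand-in for the generator the post describes: each call returns a
    128-bit hex token that looks fine by eye, but the internal state cycles with a
    short period, so issued values come back around and repeat."""

    def __init__(self, period: int = 600) -> None:
        self.period = period
        self.count = 0
        # The pool itself is fine; the flaw is the tiny period of the index into it.
        self.pool = [secrets.token_hex(16) for _ in range(period)]

    def __call__(self) -> str:
        token = self.pool[self.count % self.period]
        self.count += 1
        return token


def good_rng() -> str:
    """128-bit token from the OS CSPRNG (what a filename generator should use)."""
    return secrets.token_hex(16)


def expected_collision_pairs(n: int, bits: int) -> float:
    """Birthday bound: expected number of colliding pairs among n uniform bits-bit draws."""
    return n * (n - 1) / 2 / 2 ** bits


def find_repeats(draw, n: int) -> dict:
    """Draw n values and return {value: [positions]} for every value seen more than once."""
    positions: dict = {}
    for i in range(n):
        positions.setdefault(draw(), []).append(i)
    return {v: idx for v, idx in positions.items() if len(idx) > 1}


def audit(draw, n: int = 1000, bits: int = 128) -> dict:
    """Compare observed repeats with the birthday bound. For 128-bit values and n=1000
    the expected pair count is ~1.5e-33, so a single repeat is conclusive."""
    repeats = find_repeats(draw, n)
    expected = expected_collision_pairs(n, bits)
    return {
        "repeated_values": len(repeats),
        "expected_pairs": expected,
        "broken": len(repeats) > 0 and expected < 0.01,
    }


if __name__ == "__main__":
    print("tiny-state rng:", audit(TinyStateRng()))
    print("os csprng:    ", audit(good_rng))
```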