Random number generators are the foundation of cryptography -- that's why the NSA secretly sabotaged the RNG standard that the National Institute for Standards and Technology developed.
The Tor Project faces serious, state-level adversaries, including the FBI, and so it needs all the randomness it can get -- randomness that can't be made predictable even if you've compromised the user's computer, even.
The project's breaking new theoretical ground by designing a real-world distributed random number generator that harnesses computers from around the world to collaborate on a random number that none of the individual computers could predict in advance, and that a compromised computer can't sabotage.
The RNG is now completed and is undergoing rigorous testing. It recently underwent its first non-simulated test at the Tor Hackfest in Montreal.
This allowed us to test scenarios that could make the protocol burp and fail in unpredictable ways. For example, we instructed our testing Tor nodes to abort at crucial protocol moments, and come back in the worst time possible ways, just to stress test the system. We had our nodes run ancient Tor versions, perform random chaotic behaviors, disappear and never come back, etc.
This helped us detect various bugs and edge cases. We also confirmed that our system can survive network failures that can happen on the real Internet. All in all, it was a great educational experience! We plan to keep our testing network live, and potentially recruit more people to join it, to test even more features and edge cases!
For what it's worth, here is a picture of the two first historic random values that our Tor test network generated. The number "5" means that 5 Tor nodes contributed randomness in generating the final random value:
Mission: Montreal! (Building the Next Generation of Onion Services)
On the one hand, if you let an untrusted stranger install hardware in your electronic device, you’re opening yourself up to all kinds of potential mischief; on the other hand, an estimated one in five smartphones has a cracked screen and the easiest, most efficient and cheapest way to get that fixed is to go […]
Businesses like Adobe Stock use large, visible watermarks to deter copyright infringement; a new paper presented by Google Researchers to the Computer Vision and Pattern Recognition shows that these watermarks can be reliably detected and undetectably erased by software.
Earlier this month, UK Home Secretary Amber Rudd idiotically insisted that “real people” don’t need encrypted messaging apps; but as foolish a statement as that was, there was a kernel of truth to it.
The Pry.Me Bottle Opener holds tens of thousands of times its own weight, and you can pick one up now from the Boing Boing Store.This remarkable keychain is considerably smaller than any of your keys, but don’t let that fool you: it can easily open any bottle, and could even tow a trailer full of […]
Guaranteeing your privacy online goes way beyond checking the “Do Not Track” option in your browser’s settings. To ensure that your internet activity is totally hidden from Internet Service Providers, advertisers, and other prying eyes, take a look at Windscribe’s VPN protection. It usually costs $7.50 per month, but you can get a 3-year subscription […]
This project management bundle will help you get organized and learn how to lead a team to success. You can pay what you want for these five courses when you pick them up from the Boing Boing Store.To help you become an invaluable asset for your company, this bundle includes a curated collection of professional […]