Random number generators are the foundation of cryptography -- that's why the NSA secretly sabotaged the RNG standard that the National Institute for Standards and Technology developed.
The Tor Project faces serious, state-level adversaries, including the FBI, and so it needs all the randomness it can get -- randomness that can't be made predictable even if you've compromised the user's computer, even.
The project's breaking new theoretical ground by designing a real-world distributed random number generator that harnesses computers from around the world to collaborate on a random number that none of the individual computers could predict in advance, and that a compromised computer can't sabotage.
The RNG is now completed and is undergoing rigorous testing. It recently underwent its first non-simulated test at the Tor Hackfest in Montreal.
This allowed us to test scenarios that could make the protocol burp and fail in unpredictable ways. For example, we instructed our testing Tor nodes to abort at crucial protocol moments, and come back in the worst time possible ways, just to stress test the system. We had our nodes run ancient Tor versions, perform random chaotic behaviors, disappear and never come back, etc.
This helped us detect various bugs and edge cases. We also confirmed that our system can survive network failures that can happen on the real Internet. All in all, it was a great educational experience! We plan to keep our testing network live, and potentially recruit more people to join it, to test even more features and edge cases!
For what it's worth, here is a picture of the two first historic random values that our Tor test network generated. The number "5" means that 5 Tor nodes contributed randomness in generating the final random value:
Mission: Montreal! (Building the Next Generation of Onion Services)
Remember when Malcolm Turnbull, the goddamned idiot who was briefly Prime Minister of Australia, was told that the laws of mathematics mean that there was no way to make a cryptography system that was weak enough that the cops could use to spy on bad guys, but strong enough that the bad guys couldn't use […]
Peter writes, "ThingsCon, our Berlin-based non-profit for a more responsible IoT, launches a trustmark for IoT - the Trustable Technology Mark. Cory gave some input to it a while back already, and finally it's launch day: We want to highlight the best work in IoT, the best/most respectful of users' rights, privacy and security. It's […]
How bad is the Marriott/Starwood breach disclosed today? “Unauthorized access to the Starwood network since 2014 … For approximately 327M of these guests, the info includes some combination of name, mailing address, phone number, email address, passport number.” Marriott says information from as many as 500 million people has been compromised, and credit card numbers […]
So you’ve got a good eye for pictures? We’ve got a good eye for deals. And this holiday, there are some solid deals out there for photographers. Check out some of our favorite recent discounts on gear, software, and e-learning for photogs of any experience. Gadgets RevolCam: The Multi-Lens Photo Revolution for Smartphones This […]
Take a scroll through any app marketplace and you’ll see that the doors are wide open for any game these days – and any game developer. Like any creation, virtual or analog, it all starts with an idea. And if you’ve got one of those, the Complete Unity Game Developer Bundle can walk you the […]
At the rate the world is shrinking, you don’t need to be a globetrotter for a second language to be a useful skill. And if you’re looking to learn that second language (or a third, or fourth), uTalk Language Education is the learning program that makes progression not only easy but fun. If you can’t […]