Random number generators are the foundation of cryptography -- that's why the NSA secretly sabotaged the RNG standard that the National Institute for Standards and Technology developed.
The Tor Project faces serious, state-level adversaries, including the FBI, and so it needs all the randomness it can get -- randomness that can't be made predictable even if you've compromised the user's computer, even.
The project's breaking new theoretical ground by designing a real-world distributed random number generator that harnesses computers from around the world to collaborate on a random number that none of the individual computers could predict in advance, and that a compromised computer can't sabotage.
The RNG is now completed and is undergoing rigorous testing. It recently underwent its first non-simulated test at the Tor Hackfest in Montreal.
This allowed us to test scenarios that could make the protocol burp and fail in unpredictable ways. For example, we instructed our testing Tor nodes to abort at crucial protocol moments, and come back in the worst time possible ways, just to stress test the system. We had our nodes run ancient Tor versions, perform random chaotic behaviors, disappear and never come back, etc.
This helped us detect various bugs and edge cases. We also confirmed that our system can survive network failures that can happen on the real Internet. All in all, it was a great educational experience! We plan to keep our testing network live, and potentially recruit more people to join it, to test even more features and edge cases!
For what it's worth, here is a picture of the two first historic random values that our Tor test network generated. The number "5" means that 5 Tor nodes contributed randomness in generating the final random value:
Mission: Montreal! (Building the Next Generation of Onion Services)
Fingerprint locks are catastrophically awful, part LXVII: the software security on the crowdfunded Tapplock "is basically nonexistent" -- the lock broadcasts its own unlock code over Bluetooth, and if you send it back to the lock, it pops open.
A team of computer scientists, psychologists and neuroscientists used eye-tracking and fMRI to measure how users perceived security warnings, such as warnings about app permissions and browser warnings about insecure pages and plugin installations.
Konrad Rieck has data-mined the nine top security conferences, compiling a decade-by-decade list of the papers most often cited in the presentations delivered at these events: top of the pile is Random Oracles are Practical: A Paradigm for Designing Efficient Protocols (Sci-Hub mirror), from the 1993 ACM Conference on Computer and Communications Security. Rieck has […]
Your pet might be photogenic, but getting them to stare long enough at your camera to snap that Instagram-worthy photo isn’t as simple as telling them to sit. Bribing your pets with their favorite treat, however, might just do the trick, and with the Adjustable Pet Selfie Smartphone Attachment, you can do just that while getting […]
The cybersecurity landscape is changing, and now one of the most effective ways to counter hacking threats is to employ another hacker against them. Commonly referred to as ethical hackers, these professionals use a cybercriminal’s tools against them, checking networks for vulnerabilities and patching them up before they can be exploited. The Certified Ethical Hacker Bootcamp […]
The human eye is a powerful thing, but it’s not so great at seeing in the dark or around tight spaces, which is partially why most of us struggle with unplugging drains, cleaning under the fridge, and other hard-to-reach jobs. This 1080p HD Waterproof WiFi Wireless Endoscopic Camera, however, gives you the flexibility necessary to get […]