It would be really funny if this was used to generate cryptocurrency keys.
FWIW, you can do a serviceable "software only" TRNG based on comparing the jitter of two clock sources.
This is some "Poe's law" stuff, could be satire, could be deranged tech bro.
Via @sophieschmieg
-
Tableflip replied to Ryan Castellucci :nonbinary_flag:
@ryanc @sophieschmieg didn’t this already exist for ages with /dev/random
-
Ryan Castellucci :nonbinary_flag: replied to Tableflip
@Lookatableflip @sophieschmieg /dev/random isn't software only
-
David Chisnall (*Now with 50% more sarcasm!*) replied to Ryan Castellucci :nonbinary_flag:
@ryanc @Lookatableflip @sophieschmieg That depends a lot on the system. It will use all of the entropy sources available to the kernel. On modern systems, that typically includes at least one hardware entropy source. These are often a set of free-running ring oscillators, which then feed into some cryptographic hash function for whitening.
Without these, it will use much weaker things. The contents of the password file, the hash of the kernel binary, the cycle count at the time interrupts fire or devices are attached, and so on.
There have been some high-profile vulnerabilities from embedded devices that did things like generating private keys on first boot, with deterministic device attach time, and ended up with a handful of different private keys across the entire device fleet.
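As an added example for this thread (written for this page, not code from any of the posters), here is a toy version of the two points above: Ryan's "software only" TRNG that compares two clocks, and David's observation that raw environmental sources are weak and get pushed through a cryptographic hash for whitening. "Clock A" is the CPU executing a short memory-touching loop, whose speed drifts with cache, pipeline and frequency state; "clock B" is the OS high-resolution timer that measures it. Everything not in the posts is an assumption: that `time.perf_counter_ns()` has sub-microsecond resolution, that SHA-256 is an acceptable conditioner, and the illustrative thresholds (0.5 bits per sample, repetition cutoff of 20, a 2x safety margin).

```python
import hashlib
import math
import time
from collections import Counter

# Added example for this thread, not code from any of the posters.
# Assumed: perf_counter_ns() has sub-microsecond resolution, SHA-256 is an
# acceptable conditioner, and the thresholds below (0.5 bits/sample,
# repetition cutoff 20, 2x margin) are illustrative, not standards-derived.

LOW_BITS = 4                # keep only the noisiest low bits of each timing delta
WORK_ITERATIONS = 64
_scratch = bytearray(4096)


def raw_sample() -> int:
    """One raw sample: the low LOW_BITS bits of how long a fixed workload took."""
    t0 = time.perf_counter_ns()
    x = 0
    for i in range(WORK_ITERATIONS):
        x ^= _scratch[(i * 61) & 4095]            # data-dependent memory traffic
        _scratch[(x + i) & 4095] = (x + 1) & 0xFF
    t1 = time.perf_counter_ns()
    return (t1 - t0) & ((1 << LOW_BITS) - 1)


def collect_raw(n: int) -> list:
    return [raw_sample() for _ in range(n)]


def min_entropy_per_sample(samples) -> float:
    """Most-common-value estimate: -log2(frequency of the commonest symbol).
    Returns 0.0 for an empty or constant stream. It ignores correlations
    between samples, so it can only overestimate; treat it as a sanity check."""
    if not samples:
        return 0.0
    p_max = max(Counter(samples).values()) / len(samples)
    return 0.0 if p_max == 1.0 else -math.log2(p_max)


def repetition_count_test(samples, cutoff: int = 20) -> bool:
    """SP 800-90B-style repetition count test: one value repeating `cutoff`
    times in a row means the source is stuck. True means healthy."""
    run, prev = 0, None
    for s in samples:
        run = run + 1 if s == prev else 1
        prev = s
        if run >= cutoff:
            return False
    return True


def samples_needed(target_bits: int, h_per_sample: float) -> int:
    """Raw samples to collect for target_bits of min-entropy, with a 2x margin."""
    if h_per_sample <= 0:
        raise ValueError("source has no measurable entropy")
    return math.ceil(2 * target_bits / h_per_sample)


def condition(samples, out_len: int = 32) -> bytes:
    """Whiten raw samples through SHA-256. Hashing fixes the distribution, not
    the amount of entropy: 256 uniform-looking bits derived from 10 bits of
    input are still only 10 bits hard to guess."""
    if not 1 <= out_len <= 32:
        raise ValueError("out_len must be 1..32 for a single SHA-256 output")
    return hashlib.sha256(bytes(samples)).digest()[:out_len]


def trng_bytes(n: int = 32, calibration: int = 2048) -> bytes:
    """Calibrate, health-check, then collect enough fresh samples for 8*n bits.
    Fails closed instead of emitting output from a stuck or too-weak source."""
    cal = collect_raw(calibration)
    if not repetition_count_test(cal):
        raise RuntimeError("health test failed: source looks stuck")
    h = min_entropy_per_sample(cal)
    if h < 0.5:
        raise RuntimeError(f"only {h:.2f} bits/sample estimated; refusing to emit")
    fresh = collect_raw(samples_needed(8 * n, h))
    if not repetition_count_test(fresh):
        raise RuntimeError("health test failed during collection")
    return condition(fresh, n)


if __name__ == "__main__":
    cal = collect_raw(2048)
    print(f"estimated min-entropy/sample: {min_entropy_per_sample(cal):.2f} bits")
    print(trng_bytes(32).hex())
```

Run it as a plain script; on a deterministic environment (an emulator, a VM with a coarse timer) the calibration step is supposed to raise rather than hand back bytes. The estimator and thresholds are rough, which is the practical caveat from the thread: a source like this belongs feeding the kernel's pool alongside everything else, not standing in for it.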
-
Citty replied to Ryan Castellucci :nonbinary_flag:
@ryanc @sophieschmieg If I had the resources and wasn't the kind of person they'd probably call a FUDer at best, I wonder how they'd respond to "I have X thousand dollars, all you have to do is release a paper that proves it works"
-
Sophie Schmieg replied to David Chisnall (*Now with 50% more sarcasm!*)
@david_chisnall @ryanc @Lookatableflip and don't forget the whole Debian random number generator debacle. That was probably one of the motivating factors for adding RDRAND and friends to modern CPUs.
-
Ryan Castellucci :nonbinary_flag: replied to Sophie Schmieg
@sophieschmieg @david_chisnall @Lookatableflip I don't consider interrupt timing to be "software only", fwiw.
-
David Chisnall (*Now with 50% more sarcasm!*) replied to Ryan Castellucci :nonbinary_flag:
@ryanc @sophieschmieg @Lookatableflip I guess it’s not pure software, but anything running on a real computer has a hardware component. The randomness bit is pure software, using whatever it can from the environment as entropy sources, but none of the entropy sources alone (without a hardware random number generator) has enough entropy to be useful, and interrupt timings can sometimes be under attacker control (some fun attacks from the ‘90s involved sending packets at specific timing to influence the entropy collection).
-
Ryan Castellucci :nonbinary_flag: replied to David Chisnall (*Now with 50% more sarcasm!*)
@david_chisnall @sophieschmieg @Lookatableflip And thus the "AI" solution is not pure software either.
Deep down, it's relying on a PRNG seeded from something.