Comment

Comment on Computer Scientists Figure Out How To Prove Lies: An attack on a fundamental proof technique reveals a glaring security issue for blockchains and other digital encryption schemes.

adespoton@lemmy.ca ⁨2⁩ ⁨days⁩ ago

For decades, many computer scientists have presumed that for practical purposes, the outputs of good hash functions are generally indistinguishable from genuine randomness — an assumption they call the random oracle model.

Er, no. The falsity of this is taught in virtually all first year CS courses.

Computer programmers and other IT workers? Sure… but hash functions have never been considered a substitute fore pure randomness.

That’s why we have a random generator in each computer based on thermal variance, I/O input, and other actually random features. And even then, we have to be careful not to hash the randomness out of the source data.

source

Sort:hotnew top

GreenCrunch@lemmy.today ⁨2⁩ ⁨days⁩ ago
Or, if you’re more fun, a giant wall of lava lamps! The coolest randomness in town!

(Cloudflare does this)

source
solrize@lemmy.ml ⁨2⁩ ⁨days⁩ ago
This isn’t about random vs pseudorandom numbers, it’s about the use of hashing in protocols that are provably secure under the random oracle model (ROM). It’s a pretty near certainty that first year CS courses don’t explain what the random oracle model is. But basically, there have been known attacks for decades against protocols intentionally designed to be vulnerable in the standard model while still secure in the ROM. This is the first time such an attack has been found against a real world protocol.

Matthew Green had an explainer a few months ago that was more detailed than the Quanta article while still being readable: blog.cryptographyengineering.com/…/how-to-prove-f…

Anyway it sounds like caution is warranted but “ZOMG the sky is falling” is overreaction.

source