Slashdot Mirror


Tor To Use Distributed RNG To Generate Truly Random Numbers (softpedia.com)

An anonymous reader quotes a report from Softpedia: Tor developers have been working on the next iteration of the Tor network and its underbelly, the Onion routing protocol, in order to create a stronger, harder-to-crack anonymous communications system. To advance the project, the developer team schedules brainstorming and planning meetings at regular intervals. The most recent of these meetings took place last week, in Montreal, Canada. In this session, the team tested the next generation of the Tor network working on top of a revamped Onion protocol that uses a new algorithm for generating random numbers, never before seen on the Internet. The Tor Project says it created something it calls "a distributed RNG" (random number generator) that uses two or more computers to create random numbers and then blends their outputs together into a new random number. The end result is something that's almost impossible to crack without knowing which computers from a network contributed to the final random number, and which entropy each one used. Last week, two University of Texas academics made a breakthrough in random number generation. The work is theoretical, but could lead to a number of advances in cryptography, scientific polling, and the study of various complex environments such as the climate.

5 of 130 comments

  1. Re:why is this needed? by ledow · Score: 3, Insightful

    Because paying for cards for every machine in the world, and mandating their use for every transaction from any machine, plus avoiding that device being compromised by a government entity, or turned into a TPM module is difficult enough.

    Seriously, imagine if your bank said, to comply with PCI DSS standards, you had to install this special card in your server.

    1) That's enforced server downtime.
    2) Most servers are virtual nowadays and not actually physical (and thus you can't guarantee that that "PCI card" your computer sees is even a real PCI card)
    3) Are you going to trust a random piece of government- or even bank-mandated hardware in your machine reading the entire memory bus?

    Nobody would touch it, even in the server-arena, let alone "every client in the world".

    There are already lots of "random number generator" hardware, everything from white-noise microphones to random instructions inside chips based on quantum noise (now obsolete and nobody really used them, except VIA chips). Nobody touched them. Where it matters, hardware exists to make it happen. Few use it.

    Mandating it to every client or even every SSL-using server? Good luck. It just doesn't provide an advantage. Even those places with SSL accelerators (that just offload SSL transactions kind of like a reverse proxy) don't use them.

    And the fact is that almost every weakness so far is not in the choice of random numbers but in the way those random numbers are handled later on. Except for embedded boards and no-permanent-state devices (which you should realise shouldn't be used for this kind of thing), filling up the entropy pool on any modern, network connected machine is pretty trivial.

  2. Re:pseudo+pseudo=true? by Anonymous Coward · Score: 2, Insightful

    That's essentially what they are doing.

    By mixing deterministic pseudo-random streams you are never going to get a truly random result. What you will get though is much better quality fake random numbers that are harder to predict and the hope is that this will in turn help the whole system be more resilient to attack.

  3. They say "never done before" like that's good... by Anonymous Coward · Score: 2, Insightful

    In the world of crypto, I'd much rather be using something that's been around long enough to be thoroughly analysed. Every so often someone pops up with something new and exciting and different, then six months later gets shot down by the experts who describe exactly how to break it.

    Telling us "even the authors can't predict what will come out of it" doesn't raise my confidence, either. I'd be a lot happier with a statement like "rigorous analysis shows that the random numbers generated will be uniformly distributed", or something like that.

    Real crypto work is hard, and random number generation is part of the hard.

  4. Re: why is this needed? by geek · Score: 4, Insightful

    Entropy is a problem in VMs, especially when they don't have actual devices attached.

  5. Re:pseudo+pseudo=true? by Anonymous Coward · Score: 2, Insightful

    No, he's right about how RNG mathematics works. A collection of pseudo-randomly generated numbers if merged with the exclusive or operation (XOR) will be no weaker than the strongest single source of pseudo-randomness. On the other hand, it will not be stronger than the strongest single source of pseudo-randomness. The XOR merging is primarily done to make sure that the final number (the one actually used for the later cryptography) is as unpredictable as the least predictable source even when you have no idea which sources are predictable.

    What you're thinking of is in the actual encryption stage, where every additional intentional key significantly decreases the security of the encryption, possibly with the creation of accidentally valid decryption keys as well.
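The blending the summary describes (several machines each contribute a value, the outputs are combined) and the XOR claim in comment 5 (the result is no weaker than the strongest single source, even when you cannot tell which sources are predictable) can both be demonstrated with a few lines of Python. The block below is an added example, not Tor's code and not from the article; it assumes a hash-commitment step before values are revealed, which the page does not describe but which is what makes the XOR argument hold, and the "honest" and "adversarial" inputs are constructed here for the demonstration.

```python
import hashlib
import secrets

N_BYTES = 32  # size of every contribution and of the blended result


def commit(value: bytes) -> bytes:
    """Hash commitment published before anyone reveals (assumed scheme, not Tor's)."""
    return hashlib.sha256(b"rng-commit|" + value).digest()


def combine_xor(contributions) -> bytes:
    """XOR the contributions together; each output byte depends on every input."""
    out = bytearray(N_BYTES)
    for c in contributions:
        if len(c) != N_BYTES:
            raise ValueError("contribution has the wrong length")
        for i, b in enumerate(c):
            out[i] ^= b
    return bytes(out)


def shared_random(commitments, reveals) -> bytes:
    """Check every reveal against its commitment, then blend with XOR.

    The commitment step is what makes the "no weaker than the best source"
    argument hold: a party that could pick its value after seeing the others
    could cancel them out (x ^ x == 0), so a reveal that does not match the
    earlier commitment is treated as a protocol violation.
    """
    if len(commitments) != len(reveals):
        raise ValueError("commitment/reveal count mismatch")
    for party, (c, r) in enumerate(zip(commitments, reveals)):
        if commit(r) != c:
            raise ValueError(f"party {party}: reveal does not match commitment")
    return combine_xor(reveals)


def bias_probe(trials: int = 20000) -> float:
    """Fraction of rounds whose first output byte has its low bit set.

    One honest party contributes fresh randomness; two adversarial parties
    contribute fully predictable constants (constructed here, fixed in advance).
    If the blend is no weaker than its best source, this stays near 0.5.
    """
    adv1 = b"\x00" * N_BYTES                               # a "broken" source: all zeros
    adv2 = bytes((i * 37) & 0xFF for i in range(N_BYTES))  # a predictable pattern
    ones = 0
    for _ in range(trials):
        honest = secrets.token_bytes(N_BYTES)
        reveals = [honest, adv1, adv2]
        commitments = [commit(r) for r in reveals]
        ones += shared_random(commitments, reveals)[0] & 1
    return ones / trials


def cancellation_rejected() -> bool:
    """An adversary who waits to see the honest value and then reveals the same
    bytes would drive the XOR to all zeros. The commitment check stops it."""
    honest = secrets.token_bytes(N_BYTES)
    adversary_planned = b"\x01" * N_BYTES
    commitments = [commit(honest), commit(adversary_planned)]
    try:
        shared_random(commitments, [honest, honest])  # reveal != what was committed
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    print("P(low bit = 1) with two predictable co-contributors:", bias_probe())
    print("late cancellation rejected:", cancellation_rejected())
```

The probe makes the point from comment 5 concrete: two of the three contributions are completely known to an attacker, yet the combined value is as unpredictable as the one honest contribution, and the attacker learns the output only once that contribution is revealed. The comment's other caveat also shows up: XOR-ing in more predictable sources never makes the result stronger than the best one, so the blend buys resilience against not knowing which participants are compromised, not extra entropy.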