Slashdot Mirror

← Back to Stories (view on slashdot.org)

Tor To Use Distributed RNG To Generate Truly Random Numbers (softpedia.com)

Posted by BeauHD on from the no-order dept.

An anonymous reader quotes a report from Softpedia: Tor developers have been working on the next iteration of the Tor network and its underbelly, the Onion routing protocol, in order to create a stronger, harder-to-crack anonymous communications system. To advance the project, the developer team schedules brainstorming and planning meetings at regular intervals. The most recent of these meetings took place last week, in Montreal, Canada. In this session, the team tested the next generation of the Tor network working on top of a revamped Onion protocol that uses a new algorithm for generating random numbers, never before seen on the Internet. The Tor Project says it created something it calls "a distributed RNG" (random number generator) that uses two or more computers to create random numbers and then blends their outputs together into a new random number. The end result is something that's almost impossible to crack without knowing which computers from a network contributed to the final random number, and which entropy each one used. Last week, two University of Texas academics have made a breakthrough in random number generation. The work is theoretical, but could lead to a number of advances in cryptography, scientific polling, and the study of various complex environments such as the climate.

3 of 130 comments (clear)

  1. why is this needed? by slashmydots · · Score: 5, Interesting

    Why are people still complaining about random numbers? Over 10 years ago I saw a documentary that showed off a quantum photon splitter PCI card that could go in any computer. The API let you generate random numbers based on splitting photons left or right and it was deemed closer to 50% each side than any other randomizing system ever invented. So...what happened to that? Doing quantum tasks with photons is actually relatively easy so the story was believable. I can't think of a better way in the physical universe to generate random numbers. So besides the problem of requiring volunteers running relays to have one of these custom piece of hardware, why don't they attempt to use this solution?

  2. White Noise by Dr_Barnowl · · Score: 3, Interesting

    I ran into entropy problems when signing a lot of JAR files in a build process - turns out modern computers with their large RAM that caches disk etc don't generate as much entropy as they used to.

    The solution I used was the randomsound daemon, which samples white noise from your mic to inject into your entropy pool.

    Why not just use that? There's a crapload of white noise in most server rooms, even near most consumer PCs (just tape a mic next to one of the cooling vents). Actual genuine entropy rather than this card-shuffled pseudo entropy - making things complex just obscures things further, it doesn't really create randomness.

  3. Re:Time Sync by Anonymous Coward · · Score: 2, Interesting

    To avoid fingerprinting TOR users. A flurry of NTP sync packets from a single IP address every couple days could light someone up a TOR user.

    What TAILS does on boot is request a page from one of many popular websites (facebook, google, etc) then use the HTTP response to get the time. Much more discrete.