Entropy Attacks: Exploiting Flaws in Random Number Generation
2025-03-28
A cr.yp.to blog post reveals a critical vulnerability in random number generation—entropy attacks. The conventional wisdom holds that hashing multiple entropy sources enhances randomness, but the author demonstrates that if a single source is compromised, attackers can manipulate the hash output and control generated random numbers. This poses a significant threat to cryptographic systems relying on randomness, like DSA and ECDSA, enabling attackers to steal private keys. EdDSA, due to its deterministic signature generation, offers stronger resistance. The article advocates for minimizing entropy sources and employing deterministic cryptographic approaches to mitigate the risks associated with constantly adding new entropy.
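The effect described above can be measured on a toy mixer. The following is an added example, not code from the cr.yp.to post or from this summary; it assumes the compromised source is mixed last and has seen the other sources' outputs, and the function names, the 4-bit target and the seeded generator standing in for real entropy are all constructed for illustration.

```python
import hashlib
import random

def mix(sources):
    """Hash length-prefixed source outputs into one 32-byte seed."""
    h = hashlib.sha256()
    for s in sources:
        h.update(len(s).to_bytes(4, "big") + s)
    return h.digest()

def top_bits(seed, k):
    """Return the k most significant bits of the seed as an integer."""
    return int.from_bytes(seed, "big") >> (len(seed) * 8 - k)

def grinding_source(others, k, want=0):
    """Hypothetical model of a compromised last source that has seen `others`."""
    counter = 0
    while True:  # about 2**k hash evaluations on average
        candidate = counter.to_bytes(16, "big")
        if top_bits(mix(others + [candidate]), k) == want:
            return candidate, counter + 1
        counter += 1

def run_trials(n, k, compromised, rng):
    """Return (fraction of seeds with top k bits zero, mean hashes spent by last source)."""
    rb = lambda size: rng.getrandbits(8 * size).to_bytes(size, "big")
    hits = tries = 0
    for _ in range(n):
        others = [rb(32), rb(32)]  # two honest sources (constructed sample input)
        if compromised:
            last, cost = grinding_source(others, k)
        else:
            last, cost = rb(16), 1
        hits += top_bits(mix(others + [last]), k) == 0
        tries += cost
    return hits / n, tries / n

if __name__ == "__main__":
    rng = random.Random(2025)  # reproducible stand-in for real entropy, demo only
    print("honest     :", run_trials(2000, 4, False, rng))
    print("compromised:", run_trials(2000, 4, True, rng))
```

With all sources honest, roughly 1 seed in 16 has its top four bits zero; with the last source compromised, every seed does, at a cost of about 16 hash evaluations per seed, even though the other two inputs are unpredictable.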