Entropy Attacks: Exploiting Flaws in Random Number Generation

2025-03-28

A cr.yp.to blog post reveals a critical vulnerability in random number generation—entropy attacks. The conventional wisdom holds that hashing multiple entropy sources enhances randomness, but the author demonstrates that if a single source is compromised, attackers can manipulate the hash output and control generated random numbers. This poses a significant threat to cryptographic systems relying on randomness, like DSA and ECDSA, enabling attackers to steal private keys. EdDSA, due to its deterministic signature generation, offers stronger resistance. The article advocates for minimizing entropy sources and employing deterministic cryptographic approaches to mitigate the risks associated with constantly adding new entropy.


Will Quantum Computers Really Work? Challenging Doubts About Quantum Attacks on RSA

2025-01-18

This blog post addresses skepticism surrounding the feasibility of quantum computers breaking RSA-2048 encryption. The author refutes arguments claiming quantum computers won't work, such as the exponential energy argument, the number of variables argument, the error correction argument, and visibility arguments. These arguments, the author contends, are largely based on wishful thinking and confirmation bias, lacking scientific rigor. While acknowledging challenges in quantum computing, the author emphasizes that based on current literature and progress, breaking RSA with quantum computers isn't far-fetched, making early preparation crucial.
