close
    • chevron_right

      Cryptographic Flaw in Libbitcoin Explorer Cryptocurrency Wallet

      news.movim.eu / Schneier · Wednesday, 9 August, 2023 - 18:16

    Cryptographic flaws still matter. Here’s a flaw in the random-number generator used to create private keys. The seed has only 32 bits of entropy.

    Seems like this flaw is being exploited in the wild.

    • chevron_right

      On the Randomness of Automatic Card Shufflers

      news.movim.eu / Schneier · Monday, 24 October, 2022 - 03:41 · 1 minute

    Many years ago, Matt Blaze and I talked about getting our hands on a casino-grade automatic shuffler and looking for vulnerabilities. We never did it—I remember that we didn’t even try very hard—but this article shows that we probably would have found non-random properties:

    …the executives had recently discovered that one of their machines had been hacked by a gang of hustlers. The gang used a hidden video camera to record the workings of the card shuffler through a glass window. The images, transmitted to an accomplice outside in the casino parking lot, were played back in slow motion to figure out the sequence of cards in the deck, which was then communicated back to the gamblers inside. The casino lost millions of dollars before the gang were finally caught.

    Stanford mathematician Persi Diaconis found other flaws:

    With his collaborator Susan Holmes, a statistician at Stanford, Diaconis travelled to the company’s Las Vegas showroom to examine a prototype of their new machine. The pair soon discovered a flaw. Although the mechanical shuffling action appeared random, the mathematicians noticed that the resulting deck still had rising and falling sequences, which meant that they could make predictions about the card order.

    New Scientist article behind a paywall. Slashdot thread .

    • chevron_right

      Linux Improves Its Random Number Generator

      Bruce Schneier · news.movim.eu / Schneier · Wednesday, 23 March, 2022 - 15:41

    In kernel version 5.17, both /dev/random and /dev/urandom have been replaced with a new — identical — algorithm based on the BLAKE2 hash function, which is an excellent security improvement.