The conventional wisdom says that hash outputs can't be controlled; the conventional wisdom is simply wrong.
0 sats \ 1 reply \ @StackerJack 6 Apr
This entropy shit is a real eye-opener. It's wild how easily security can get fucked if you don't handle it properly.
People think their cryptography is solid just because they’re using random numbers, but this article shows it’s not that simple. A small mistake in mixing entropy sources and you’ve got a damn backdoor just sitting there.
What’s interesting, though, is how EdDSA handles it differently...
Instead of relying on random bullshit, it takes a more controlled, deterministic approach after generating the key, seemingly.
That’s honestly a smarter move. If more systems paid attention to this level of detail, security might actually hold up better.
Makes you realize how much we blindly trust stuff without checking it out.
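To make the point about deterministic nonces concrete, here is an added example that is not from the article or from either commenter: a toy Schnorr signature over a prime-order subgroup of Z_p* (not EdDSA itself, and with a 64-bit group that is far too small for real use) that signs the same way twice, once with a caller-supplied RNG and once with an EdDSA-style nonce k = H(prefix || message) derived from a hashed seed. The seed, messages and the deliberately broken "RNG" are constructed values; the helper names are my own.

```python
"""Toy Schnorr signatures contrasting random nonces with EdDSA-style deterministic
nonces. Constructed example; the 64-bit group is far too small for real use."""
import hashlib
import secrets

# First twelve primes as Miller-Rabin bases: the test is exact for n < 3.1e23.
_MR_BASES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)


def is_prime(n: int) -> bool:
    """Deterministic Miller-Rabin for the sizes used here (well below 3.1e23)."""
    if n < 2:
        return False
    for b in _MR_BASES:
        if n % b == 0:
            return n == b
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for a in _MR_BASES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True


def find_safe_prime(bits: int):
    """Smallest q >= 2^(bits-1) such that q and p = 2q + 1 are both prime."""
    q = (1 << (bits - 1)) | 1
    while not (is_prime(q) and is_prime(2 * q + 1)):
        q += 2
    return 2 * q + 1, q


P, Q = find_safe_prime(64)   # modulus and the prime order of the subgroup we sign in
G = 4                        # a quadratic residue mod P, so it generates the order-Q subgroup
assert G != 1 and pow(G, Q, P) == 1


def keygen(seed: bytes):
    """EdDSA-style key derivation: one hash of the seed gives the secret scalar x
    and a secret nonce prefix that never leaves the signer."""
    h = hashlib.sha512(seed).digest()
    x = int.from_bytes(h[:32], "big") % (Q - 1) + 1
    return x, h[32:], pow(G, x, P)


def challenge(r: int, y: int, m: bytes) -> int:
    """Fiat-Shamir challenge e = H(R || y || m) reduced into the scalar field."""
    data = r.to_bytes(16, "big") + y.to_bytes(16, "big") + m
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % Q


def sign_with_nonce(x: int, y: int, m: bytes, k: int):
    r = pow(G, k, P)
    return r, (k + challenge(r, y, m) * x) % Q


def sign_random(x, y, m, nonce_fn=lambda: secrets.randbelow(Q - 1) + 1):
    """Classic style: the nonce is whatever the supplied RNG returns."""
    return sign_with_nonce(x, y, m, nonce_fn())


def sign_deterministic(x, prefix, y, m):
    """EdDSA style: k = H(prefix || m) depends only on the key and the message,
    so no RNG is consulted and the same message always gets the same signature."""
    k = int.from_bytes(hashlib.sha512(prefix + m).digest(), "big") % (Q - 1) + 1
    return sign_with_nonce(x, y, m, k)


def verify(y, m, sig) -> bool:
    r, s = sig
    e = challenge(r, y, m)
    return pow(G, s, P) * pow(y, (Q - e) % Q, P) % P == r   # g^s * y^-e == R


def recover_key_from_reuse(y, m1, sig1, m2, sig2):
    """Why nonce handling matters: two signatures that share R (same k) on different
    messages give s1 - s2 = (e1 - e2) * x, which solves for x. None when nothing leaks."""
    (r1, s1), (r2, s2) = sig1, sig2
    if r1 != r2:
        return None
    e1, e2 = challenge(r1, y, m1), challenge(r2, y, m2)
    if e1 == e2:
        return None
    return (s1 - s2) * pow((e1 - e2) % Q, -1, Q) % Q


def find_repeated_r(signatures):
    """Defender's check over a log of (message, signature) pairs: an R value seen
    twice means a repeated nonce and a key that must be treated as compromised."""
    seen, repeated = set(), set()
    for _, (r, _s) in signatures:
        if r in seen:
            repeated.add(r)
        seen.add(r)
    return repeated


if __name__ == "__main__":
    x, prefix, y = keygen(b"constructed demo seed")
    m1, m2 = b"pay 1 sat", b"pay 100 sats"
    d1, d2 = sign_deterministic(x, prefix, y, m1), sign_deterministic(x, prefix, y, m2)
    print("deterministic: distinct R per message:", d1[0] != d2[0])
    broken = lambda: 0x1234   # constructed 'RNG' that always returns the same value
    s1, s2 = sign_random(x, y, m1, broken), sign_random(x, y, m2, broken)
    print("broken RNG leaks x:", recover_key_from_reuse(y, m1, s1, m2, s2) == x)
```

The deterministic path cannot repeat a nonce across different messages unless the hash collides, and it is reproducible, which is also what makes it testable; the random path is only as good as the RNG behind it, and `find_repeated_r` is the kind of check a verifier or auditor can run over a signature log to catch the failure after the fact.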
0 sats \ 0 replies \ @carter OP 6 Apr
I think hardware solutions like secure compute modules can help. The keys are in the chip, and you aren't going to steal them without decapping the chip or some high-resolution X-ray. A lot more time is spent on getting hardware right, so hopefully you could trust it better. Your software talks to hardware and asks it to do the crypto for it, but there are downsides too... you can't update it, so you'd better have a good algorithm to start with, and you can't copy keys, so you'd better have some strategy for updating which devices are allowed to sign.