[clug] "League of Entropy" and 'drand' - anyone heard of it, using it?

Thu Aug 8 23:49:51 UTC 2019

On 8/8/19 2:18 pm, steve jenkin via linux wrote:
> This seems a big deal to me for some public, transparent and auditable processes - not just “Lotteries”.
> 
> With so many Linux boxes out there with the Intel CPU hardware RNG added into /dev/random,
> this could be very widely sourced and difficult to compromise.
> 
> 
> Anyone:
> 	Examined it?
> 	Using it?
> 	Running a node?
> 
> s

I haven't read the links (a bit time poor), but if you are relying on
an Internet service for your randomness, then you are open to man-in-
the-middle attack where an adversary _could_ feed you a "known" "random"
value to enable them to guess your (eg.) session keys etc.

Even using radio tuners to get some noise to seed your RNG has been
shown to be susceptible to an adversary able to direct specific RF
energy at your tuner dongle.

Having said all that, some of my containers and VMs use haveged to
help with RNG seeding:
https://www.digitalocean.com/community/tutorials/how-to-setup-additional-entropy-for-cloud-servers-using-haveged

cheers,
Bob Edwards

> 
> ===============
> 
> League of Entropy: Not All Heroes Wear Capes
> June 2019
> <https://new.blog.cloudflare.com/league-of-entropy/>
> 
>> The League of Entropy provides public randomness that any user can retrieve from leagueofentropy.com.
>> <https://leagueofentropy.com/>
>> Users will be able to view the 512-bit string value that is generated every 60 seconds.
>> Why 60 seconds? No particular reason.
>> Theoretically, the randomness generation can go as fast as the hardware allows, but it’s not necessary for most use cases.
>> Values generated every 60 seconds give users 1440 random values in one 24-hour period.
> 
> ===============
> 
> 
> Drand - A Distributed Randomness Beacon Daemon
> <https://github.com/dedis/drand>
> 
> Drand slideshow, 15 slides + notes.
> <https://docs.google.com/presentation/d/1t2ysit78w0lsySwVbQOyWcSDnYxdOBPzY7K2P9UE1Ac/edit#slide=id.p>
> 
>> Distributed, bias-resistant, unpredictable and publicly verifiable randomness
>> Nicolas GAILLY, 2018
> 
> 
> ===============
> 
> League of Entropy
> <https://leagueofentropy.com/>
> 
> [redirects for me to Cloudfare]
> <https://www.cloudflare.com/leagueofentropy/>
> 
> At time of writing, “Index” is 92885.
> These seem to be stored and retreivable
> 
>> Randomness Retrieval and Verification
>>
>> To retrieve and verify the latest random value using the experimental configuration, install Golang v1.11+, set your GOPATH, and execute:
>>
>> go get -u github.com/dedis/drand
>> cd $GOPATH/src/github.com/dedis/drand
>> go build
>> ./drand get public deploy/190604/group.toml
> 
> 
> ===============
> 
> 
> --
> Steve Jenkin, IT Systems and Design
> 0412 786 915 (+61 412 786 915)
> PO Box 38, Kippax ACT 2615, AUSTRALIA
> 
> mailto:sjenkin at canb.auug.org.au http://members.tip.net.au/~sjenkin
> 
> 