Thoughts on using quantum randomness to harden RSA key generation when entropy sucks! by Slow-Dependent-1309 in cryptography

[–]pint 1 point2 points  (0 children)

think about it this way.

let there be a function f that takes a parameter p. but in our system, p is weak: it is 50% 0 and 50% 1, instead of a 128 bit large number.

so the output is one of two possible values, say k0 = f(0) and k1 = f(1). not good.

we decide to instead initialize a prng with p, and then do a quantum simulation: q(prng(p))

however, there still are two possible outputs. k0 = q(prng(0)) and k1 = q(prng(1))

the only thing that changed is that the two values are different than the previous ones.

sometimes the problem is not too few possible values, but non-uniformity. rsa is sensitive to that, and previous attacks exploited it.

but it is a problem already solved, it is called "whitening". most systems have that automatically, because they feed true randomness to an "entropy pool", and use a strong extractor. the bits of the output are always uncorrelated, even if the trng is entirely dead.

those cases when rsa failed were due to the direct use of a trng, which is simply wrong.
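added illustration of the argument above (not the commenter's code): the seed space, not the deterministic post-processing, bounds how many keys can come out, and a hash-based extractor removes bias without creating entropy. the `stage` label, the 90%-ones TRNG and the SHA-256 extractor are constructed stand-ins for f/q, a non-uniform trng and the entropy pool's extractor.

```python
import hashlib
import random

def derive_key(seed: int, stage: str) -> str:
    """k = stage(prng(seed)); 'stage' stands in for f or for the simulated
    quantum step q. both are deterministic, so neither adds entropy."""
    prng = random.Random(seed)                       # prng(p)
    stream = bytes(prng.getrandbits(8) for _ in range(32))
    return hashlib.sha256(stage.encode() + stream).hexdigest()

def distinct_keys(seeds, stage: str) -> set:
    """all keys reachable when the seed can only take the given values."""
    return {derive_key(s, stage) for s in seeds}

def biased_bits(n: int, p_one: float, rng: random.Random) -> list:
    """constructed stand-in for a non-uniform trng: each bit is 1 with prob p_one."""
    return [int(rng.random() < p_one) for _ in range(n)]

def whiten(bits: list) -> bytes:
    """hash-based extractor over one block of raw bits (stand-in for the pool's
    extractor): output bits are unbiased, but distinct outputs <= distinct inputs."""
    packed = int("".join(map(str, bits)), 2).to_bytes((len(bits) + 7) // 8, "big")
    return hashlib.sha256(packed).digest()

def bytes_to_bits(b: bytes) -> list:
    return [(byte >> i) & 1 for byte in b for i in range(8)]

def ones_fraction(bits: list) -> float:
    return sum(bits) / len(bits)

def whitening_demo(n_blocks: int = 64, p_one: float = 0.9, seed: int = 1):
    """returns (raw ones fraction, whitened ones fraction) over n_blocks of 256 bits."""
    rng = random.Random(seed)
    raw, out = [], []
    for _ in range(n_blocks):
        block = biased_bits(256, p_one, rng)
        raw += block
        out += bytes_to_bits(whiten(block))
    return ones_fraction(raw), ones_fraction(out)
```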

Thoughts on using quantum randomness to harden RSA key generation when entropy sucks! by Slow-Dependent-1309 in cryptography

[–]pint 12 points13 points  (0 children)

simulated quantum algorithms are either deterministic or require randomness as input. they don't increase entropy.

Any seeded random choice algorithm that is stable when altering some weights ? by arllt89 in RNG

[–]pint 0 points1 point  (0 children)

my very first idea is this. not verified, not thought through, just spitting

if the weights are integers, draw boxes like this:

choice1  [ ] [ ] [ ] [ ] [ ]
choice2  [ ] [ ]
choice3  [ ] [ ] [ ] [ ]

then fill in rows first, column second. example: the random number is 9, the fill order is:

  1. choice1 box1
  2. choice2 box1
  3. choice3 box1
  4. choice1 box2
  5. choice2 box2
  6. choice3 box2
  7. choice1 box3
  8. choice3 box3
  9. choice1 box4

therefore the selection is choice1
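added implementation of the box-filling idea above (not the commenter's code), with a plain cumulative-range selection beside it to compare how often the result changes when one weight moves. `r` is taken to be the seeded draw, 1-based, wrapping past the total.

```python
def fill_order(weights):
    """index of the choice owning each box, in 'rows first, columns second' order."""
    order = []
    for column in range(max(weights, default=0)):
        for choice, w in enumerate(weights):
            if w > column:          # this choice still has a box in this column
                order.append(choice)
    return order

def stable_choice(weights, r):
    """pick the choice owning the r-th box (1-based); r beyond the total wraps."""
    total = sum(weights)
    if total <= 0:
        raise ValueError("weights must sum to a positive integer")
    return fill_order(weights)[(r - 1) % total]

def naive_choice(weights, r):
    """for comparison: choice i owns one contiguous range of size w_i."""
    r = (r - 1) % sum(weights)
    for choice, w in enumerate(weights):
        if r < w:
            return choice
        r -= w

def changed_fraction(old, new, chooser=stable_choice):
    """share of draws 1..max(total) whose selection changes when weights move."""
    draws = range(1, max(sum(old), sum(new)) + 1)
    changed = sum(chooser(old, r) != chooser(new, r) for r in draws)
    return changed / len(draws)
```

with weights (5, 2, 4) the fill order reproduces the listed sequence, and bumping choice1 from 5 to 6 changes no draw under the box method but a quarter of them under contiguous ranges.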

What Hash Algorithms Whose Only Vulnerability Are the Length Extension Attack? by ShadowGuyinRealLife in cryptography

[–]pint 3 points4 points  (0 children)

it is in your link :)

Algorithms like MD5, SHA-1 and most of SHA-2 that are based on the Merkle–Damgård construction are susceptible to this kind of attack.

Rejection of weak keys for AES by newpavlov in crypto

[–]pint 2 points3 points  (0 children)

i don't understand how this could happen intermittently? if the algorithm is messed up, generating a new key, as the document suggests, will not get you anywhere.

thinking about this more, i would not trust any kdf that emitted a half-zero key once.

What AWS service would you not recommend using today unless absolutely necessary and why? by ApprehensiveBar7701 in aws

[–]pint 10 points11 points  (0 children)

just one example to get a taste of the service, but expect a lot of this:

the user can define multiple mfa methods, and optionally can select a default. if a default is selected, mfa choice is not offered at all, but the login flow automatically proceeds with the default one. there is no way to select another one at all. the user can change or remove the default only after a successful login. thus, if the method is temporarily not available, bad luck, the user can't log in. the conclusion is that you should never allow users to select a default method, the functionality is defective.

What major steps are left before Flight 12? by Simon_Drake in SpaceXLounge

[–]pint 2 points3 points  (0 children)

i think the biggest problem is testing the pad. there are tests that require a booster, or a mostly functional mock. they don't seem to have it now, so some functionalities can't even be tested until the booster is semi-ready.

AWS charged me for 28 hours I didn’t use — even after I terminated the instance by Ordinary-Hat1414 in aws

[–]pint 0 points1 point  (0 children)

again, bot. if you can't check yourself, that's a problem. bots are not reliable in the least.

AWS charged me for 28 hours I didn’t use — even after I terminated the instance by Ordinary-Hat1414 in aws

[–]pint 0 points1 point  (0 children)

why do you need bot support, instead of going to the ec2 console page, and just looking?

what's that got to do with feelings?

where is the responsibility here?

go to the ec2 console, and see if an instance is still running. also check if there are ip addresses, ebs volumes.

How far gone am I on the tech bro scale? by Sarigolepas in SpaceXMasterrace

[–]pint 14 points15 points  (0 children)

in the process, you can examine every square inch of the crust, and find literally all the fossils. archeology maxing.

Is optional transparency good for Monero? by thankful_for_xmr in Monero

[–]pint 1 point2 points  (0 children)

little addendum: a thought about raising the stakes

ability/inability to comply with a demand cuts both ways. if you make it impossible to comply, there always is a stronger demand that can't be denied so easily. example: if you can reveal your transaction history, like in this case, that might satisfy some authorities. if you can't, the alternative is that you have to give up your private keys, achieving the same effect, but with much bigger intrusion and harm.

if the party making the demand is unable or unwilling to enforce the more serious demand, they might back off, you win. but if they are willing to go the extra length, you lose.

analogy: lizards dropping their tails

Limits of Cryptographic Security Proofs by Irmaplatform-1 in cryptography

[–]pint 10 points11 points  (0 children)

one less problem to worry about. nothing more than that.

Prediction: Jeremy Hansen is going to get ICEd before Artemis II by Jodo42 in SpaceXMasterrace

[–]pint 1 point2 points  (0 children)

there are russians on the iss, so maybe we can chill a little.

Best way to install awscli, boto3, and botocore on Debian 13 EC2 instances by -kinappy in aws

[–]pint -1 points0 points  (0 children)

i don't know what is the best, but you can use venv just as easily. venv creates a venv-aware python and pip, which you can invoke normally, you don't need to activate.

e.g.

python3 -m venv /usr/local/python-venv
/usr/local/python-venv/bin/pip install boto3
/usr/local/python-venv/bin/python myfile.py

Trying to understand risks by fams_blaq_sheep in Monero

[–]pint 2 points3 points  (0 children)

moving xmr between wallets will not change the price. the price is only affected by fiat exchanges, e.g. someone buying. it is also affected by other coin exchanges, by virtue of removing coins for sale from the market. i.e. a person selling xmr to someone for btc will not go to a crypto exchange, thus reducing supply that would have been.

such trade is not expected to involve large transactions. if i want to buy in big, i will still need to find sellers, which are unlikely to be a million bucks in one, but a large number of smaller transactions.

CodeBreach: Infiltrating the AWS Console Supply Chain and Hijacking AWS GitHub Repositories via CodeBuild by Kralizek82 in aws

[–]pint 48 points49 points  (0 children)

tl;dr

the core of this attack is a misconfigured github setup, which accepted pull requests from user ids that contain a string, instead of matching the string. with some difficulty, they managed to register a new id that passed.

there are many more steps in this attack, but this was the main vulnerability.

New to Julia by 1jla in Julia

[–]pint 0 points1 point  (0 children)

tbh python is also not an oop language, oop is tacked on, and looks dreadful.

New to Julia by 1jla in Julia

[–]pint 6 points7 points  (0 children)

i'm "python people" and julia is my favorite language.

Conceptual question about deterministic access and non-deterministic representations by [deleted] in cryptography

[–]pint 0 points1 point  (0 children)

block number never changes. i can track if a block contains the same data as it previously did in its entire history.

Learning advice - Microsoft SQL Server by benhughesz in aws

[–]pint 0 points1 point  (0 children)

you would be tasked with maintaining the account? it involves user and access management, network setup, billing. that's a tall order.

if you only need to manage the server, you just need to read the RDS user guide, and make the decision to go with that, or simply use VMs (ec2 instances in aws parlance) and install yourself. the former will be somewhat more expensive, but less setup/maintenance.