NIST Randomness Beacon
Andy Isaacson
adi at hexapodia.org
Sun Nov 10 00:54:01 PST 2013
On Sat, Nov 09, 2013 at 08:28:17PM -0800, d.nix wrote:
> surely someone here has an opinion...
>
> http://www.nist.gov/itl/csd/ct/nist_beacon.cfm
From the page, a relevant suggestion:
WARNING:
DO NOT USE BEACON GENERATED
VALUES AS SECRET
CRYPTOGRAPHIC KEYS.
The Beacon is a potentially useful service. Folks have implemented
similar semantics by, for example, hashing the DJIA closing value of a
given date (see http://xkcd.com/426/).
NIST's implementation, of course, makes them a trusted third party to
any security critical applications of this oracle. I'd be more
comfortable with a cryptographic hash of an unpredictable but publicly
determined value; however, it's hard to find one that has as much
entropy as the Beacon.
For example, suppose you use the low bits of the bitcoin blockchain
hash. An attacker with 10% of the hash power could probabilistically
attack such a system by choosing blocks with a specific value in those
bits; furthermore, the miners might know the relevant value earlier than
other users of the system.
-andy
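
To put a number on the bias described in the message above, the following sketch (an added example, not part of the original post) models a miner holding fraction p of the hash power who discards any block it finds whose k low hash bits miss a chosen value. The discard-and-retry model and all names are assumptions made here; it ignores chain races and the block reward forfeited on every discarded block.

```python
import random
from fractions import Fraction


def biased_probability(p, k):
    """Closed form for P(k low bits == target) under the discard model.

    Each block discovery matches the target with probability h = 2**-k.
    The miner (share p) throws away its own non-matching blocks, so
    q = h + p*(1-h)*q, giving q = h / (1 - p*(1-h)).
    """
    hit = Fraction(1, 2**k)
    return hit / (1 - Fraction(p) * (1 - hit))


def simulate(p, k, trials, seed=0):
    """Monte Carlo estimate of the same probability (constructed model)."""
    rng = random.Random(seed)
    target = 0  # arbitrary value the biased miner wants in the low bits
    wins = 0
    for _ in range(trials):
        while True:
            found_by_biased_miner = rng.random() < float(p)
            low_bits = rng.getrandbits(k)
            if found_by_biased_miner and low_bits != target:
                continue  # block withheld; the race for this height restarts
            wins += low_bits == target
            break
    return wins / trials


if __name__ == "__main__":
    p = Fraction(1, 10)  # the 10% hash power figure from the message
    for k in (1, 8):
        fair = Fraction(1, 2**k)
        q = biased_probability(p, k)
        print(f"k={k}: fair={float(fair):.5f} biased={float(q):.5f} "
              f"gain={float(q / fair):.3f}x sim={simulate(p, k, 200_000):.5f}")
```

With one bit, the 10% miner moves a fair coin to 10/19 (about 52.6%); for wider outputs the relative gain approaches 1/(1-p), which is why a consumer of such a beacon has to budget for bias proportional to the largest hash-power share it is willing to tolerate.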