this post was submitted on 13 Jul 2025
11 points (100.0% liked)

cecilkorik@lemmy.ca 2 points 1 day ago (1 children)

I think this is an indictment of our exceedingly heavy trust of and reliance on hashes in cryptography and security-related domains. I've always felt like hashes, even large "cryptographically secure" ones, should be viewed as a shortcut (albeit a convenient one) around proper cryptography and security and treated accordingly as something that should be used minimally and with at least some caution. I am not an expert and will defer to actual cryptography experts on this matter, but I have to say I've always been shocked at how deeply we've buried any actual encryption going on under layers and layers and layers of hashes in basically every protocol. Everything (like the process described in the article) is hashes of hashes upon hashes almost all the way down. Hashing and key and message certification is necessary unless we want to be stuck relying on secure channels, long-lived keys and one-time pads, all of which present their own security risks. But over-reliance on something we know is inherently a shortcut is its own kind of risk. Use the shortcut too often and in too many layers and it starts eroding the security of the thing you're trying to make secure.

And because I know someone will complain that hashes aren't a shortcut: it's true they don't automatically have to be if they're used in very specific ways, but allow me to qualify that by saying that I think the way they're very typically used is absolutely a shortcut, and this article shows why that can become dangerous. They're very often used to create a "short form" or "predictable length" version of a typically much longer (or potentially shorter) blob of arbitrary text that is assumed to be unique and can in all cases be used directly in lieu of the original as a perfect short form representation. As the article describes, it is a way to avoid inspecting large blocks of data, which would be slower and require more work and more storage and more data transmission. In some cases this can't be avoided, but in many cases it is essentially just a performance/bandwidth optimization rather than a cryptographic necessity.

sukhmel@programming.dev 2 points 23 hours ago

Hashes are 'proper cryptography'; it's just that sometimes even when you use the right tools you get a bad result, e.g. when a backdoor exists in the hashing parameters that is hard to find. Yes, sometimes hashes are overused, but this example here doesn't seem like the case, and true randomness wouldn't allow the proofs to be deterministic, thus requiring everything to be checked, which is not desirable because it requires time and power to do so.