07 February 2022

Dan Kaminsky — February 07, 1979 to April 23, 2021

If you're not someone who works/worked in information technology you won't know Dan Kaminsky. You might not know him even if you did, unless you were involved with computer and network security. 

He was self-described cypto-nerd. Not in the Bitcoin sense of crypto, but in the cryptography sense. It is hard to explain all he did in a few sentences, but the most famous thing he did was basically to save the internet from a serious problem with a bunch Domain Name System (DNS) servers. Servers that could have made bad-guys lives very easy. The patch he helped launch in 2008 stopped that. Though the design problem remains, it is harder to capitalize on.

The last thing that he wrote on his blog in 2017 is worth taking a glance at. Hacking the Universe with Quantum Encraption.

Cryptographically Secure Pseudorandom Number Generators are interesting. Given a relatively small amount of data (just 128 bits is fine) they generate an effectively unlimited stream of bits completely indistinguishable from the ephemeral quantum noise of the Universe. The output is as deterministic as the digits of pi, but no degree of scientific analysis, no amount of sample data will ever allow a model to form for what bits will come next.

In a way, CSPRNGs represent the most practical demonstration of Godel’s First Incompleteness Theorem, which states that for a sufficiently complex system, there can be things that are true about it that can never be proven within the rules of that system. Science is literally the art of compressing vast amounts of experimentally derived output on the nature of things, to a beautiful series of rules that explains it. But as much as we can model things from their output with math, math can create things we can never model. There can be a thing that is true — there are hidden variables in every CSPRNG — but we would never know.

And so an interesting question emerges. If a CSPRNG is indistinguishable from the quantum noise of the Universe, how would we know if the quantum noise of the universe was not itself a CSPRNG? There’s an infinite number of ways to construct a Random Number Generator, what if Nature tried its luck and made one more? Would we know?

Would it be any good?

I have no idea. I’m just a crypto nerd.

He died too young, due to complications with his diabetes. Hat tip to Steve Gibson and Security Now.

No comments:

Post a Comment

Comment Moderation is in place. Your comment will be visible as soon as I can get to it. Unless it is SPAM, and then it will never see the light of day.

Be Nice. Personal Attacks WILL be deleted. And I reserve the right to delete stuff that annoys me.