• solrize@lemmy.ml · 2 days ago (edited)

    This isn’t about random vs pseudorandom numbers, it’s about the use of hashing in protocols that are provably secure under the random oracle model (ROM) but turn out to have problems anyway. It’s a pretty near certainty that first-year CS courses don’t explain what the random oracle model is. But basically, there have been known attacks for decades against protocols intentionally designed to be vulnerable in the standard model while still secure in the ROM. This is the first time such an attack has been found against a real-world protocol.

    Matthew Green had an explainer a few months ago that was more detailed than the Quanta article while still being readable: https://blog.cryptographyengineering.com/2025/02/04/how-to-prove-false-statements-part-1/

    Anyway it sounds like caution is warranted but “ZOMG the sky is falling” is overreaction.
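As an added illustration (not part of the comment above, and not the Fiat-Shamir attack that Green's post describes), here is a toy Python version of the classic Canetti-Goldreich-Halevi separation the comment alludes to: a signature scheme that is unforgeable when its hash is a random oracle but leaks its key as soon as the hash is instantiated with SHA-256. Two simplifications are assumptions of this example rather than CGH's definition: the "description of the hash" that triggers the trapdoor is narrowed to a hashlib algorithm name, and an HMAC stands in for the underlying signature scheme.

```python
import hashlib
import hmac
import secrets

# Points on which a candidate description must agree with the hash before the
# signer treats it as "a description of H". Constructed for this example.
TEST_POINTS = [b"cgh-test-point-%d" % i for i in range(8)]


class RandomOracle:
    """Lazily sampled random function: the idealised hash of the ROM."""

    def __init__(self):
        self.table = {}

    def __call__(self, x: bytes) -> bytes:
        if x not in self.table:
            self.table[x] = secrets.token_bytes(32)
        return self.table[x]


class Sha256Oracle:
    """The same interface instantiated with a concrete, publicly known hash."""

    def __call__(self, x: bytes) -> bytes:
        return hashlib.sha256(x).digest()


def describes_hash(description: bytes, H) -> bool:
    """Does `description` name a concrete hash that agrees with H on TEST_POINTS?

    CGH allow an arbitrary program description; restricting it to a hashlib
    algorithm name is an assumption of this example, not CGH's definition.
    """
    try:
        name = description.decode("ascii")
        hashlib.new(name)
    except (UnicodeDecodeError, ValueError, TypeError):
        return False
    return all(hashlib.new(name, p).digest() == H(p) for p in TEST_POINTS)


class CGHSigner:
    """Toy CGH-style signer (HMAC stands in for the signature scheme).

    Signing normally MACs H(m). The deliberate trapdoor: if m describes H
    itself, output the secret key. With a random oracle no short description
    exists, so the trapdoor is unreachable and the scheme is as secure as the
    MAC; with SHA-256 the adversary just submits the name "sha256".
    """

    def __init__(self, H):
        self.H = H
        self.key = secrets.token_bytes(32)

    def sign(self, m: bytes) -> bytes:
        if describes_hash(m, self.H):
            return self.key  # the trapdoor
        return hmac.new(self.key, self.H(m), "sha256").digest()

    def verify(self, m: bytes, sig: bytes) -> bool:
        expected = hmac.new(self.key, self.H(m), "sha256").digest()
        return hmac.compare_digest(sig, expected)


def chosen_message_forgery(H) -> bool:
    """Adversary with a signing oracle; True iff it forges on an unsigned message."""
    signer = CGHSigner(H)
    # Query 1: the description of the hash. Under SHA-256 this returns the key;
    # under a random oracle it is just an ordinary signature on the bytes "sha256".
    leaked = signer.sign(b"sha256")
    # Use the returned bytes as if they were the key to sign a fresh message.
    target = b"constructed message the signer never signed"
    forged = hmac.new(leaked, H(target), "sha256").digest()
    return signer.verify(target, forged)


if __name__ == "__main__":
    print("random oracle: forgery succeeds?", chosen_message_forgery(RandomOracle()))
    print("SHA-256:       forgery succeeds?", chosen_message_forgery(Sha256Oracle()))
```

The trapdoor is obviously artificial; that is the point of the CGH construction. A ROM proof only says "no attack exists unless it exploits the structure of the concrete hash", and this toy exploits exactly that: the concrete hash has a short public description, a random oracle does not. The real-world result discussed in the thread is of the same flavour but far less contrived, which is what makes it noteworthy.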