On 2013-09-17 02:56, Seth David Schoen wrote:
Well, there's a distinction between RNGs that have been maliciously
designed and RNGs that are just extremely poor (or just are
inadequately seeded but their designers or users don't realize this).
It sounds like such extremely poor RNGs are getting
On 2013-09-16, at 11:56 AM, Seth David Schoen wrote:
> Well, there's a distinction between RNGs that have been maliciously
> designed and RNGs that are just extremely poor
This has been something that I’ve been trying to learn more about in the past
week or so. And if this message isn’t really
no. you can't test a rng by looking at the output. only the algorithm and the
actual code can be analyzed and reviewed. it is because it is extremely easy to
create a crappy rng that fools the smartest analytical tool on the planet. it
is not that easy to fool an attacker that reverse engineers
Krisztián Pintér writes:
> no. you can't test a rng by looking at the output. only the algorithm
> and the actual code can be analyzed and reviewed. it is because it
> is extremely easy to create a crappy rng that fools the smartest
> analytical tool on the planet. it is not that easy to fool an a
> no. you can't test a rng by looking at the output. only the
> algorithm and the actual code can be analyzed and reviewed. it is
> because it is extremely easy to create a crappy rng that fools the
> smartest analytical tool on the planet. it is not that easy to fool an
> attacker that reverse en
See:
http://arstechnica.com/security/2013/09/fatal-crypto-flaw-in-some-government-certified-smartcards-makes-forgery-a-snap/
for overview, and:
http://smartfacts.cr.yp.to/
for more details of the research.
Would it be advisable to implement a test, prior to any certification of an
RNG, whereb