> Date: Sun, 4 Apr 2021 21:24:56 +0000 (UTC) > From: RVP <r...@sdf.org> > > I think running the /dev/random bit-stream through some statistical > tests, (both on RDRAND/RDSEED-based and estimator-based as in your > patch) would be useful here.
No, because the output of /dev/random and /dev/urandom is the output of a pseudorandom number generator that meets modern standards of security. If anyone had _ever_ published statistical tests that the PRNG failed in a detectable way, then (a) this would be an earthshattering development in the cryptography literature, which would be hotly discussed in much more significant forums than NetBSD mailing lists, and (b) we would stop using this PRNG and switch to another one. (Device-dependent health tests do make sense in the HWRNG device driver, to detect broken devices before we treat them as having entropy, which is why we do them wherever we can, e.g. to detect the AMD RDRAND bugs.)