On Tue, Dec 21, 2010 at 4:30 PM, Kurt Knochner <cdowl...@googlemail.com> wrote: > yes, that's true. However, it's just a starting point. Do we currently > know that they have a good distribution? Is there any documented test > for the quality of the PRNG?
You can analyze the numbers coming out of /dev/arandom if you like, but the scheme basically depends on the security of rc4, which is still widely used. I realize this is proof by assertion, but if you could decode an rc4 stream, that'd be a big deal.