[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Verification of Random Number Generators
> Just an idle thought: it might be possible to do a probabalistic
> verification of a RNG by sampling it over some number of samples,
> and statistically analyzing the sample space. This would be analysis
> under the model of "RNG as black box" as opposed to (or rather, if
> you're smart, in addition to) code inspection & review. Any
> statisticians among us?
But this wouldn't have solved Netscape's problem. Netscape was using a
pretty good PRNG (the one in RSAREF). The problem was they were/are using a
naive method of seeding it. The output of the PRNG would have been
statistically random, but since the seed had ridiculously little entropy it
was easy to guess.
andrew