[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Verification of Random Number Generators

To: "Erik E. Fair" (Time Keeper) <[email protected]>
Subject: Re: Verification of Random Number Generators
From: Andrew Loewenstern <[email protected]>
Date: Tue, 19 Sep 95 11:54:15 -0500
Cc: Eric Young <[email protected]>, Jeff Weinstein <[email protected]>, [email protected]
Sender: [email protected]

>  Just an idle thought: it might be possible to do a probabalistic
>  verification of a RNG by sampling it over some number of samples,
>  and statistically analyzing the sample space. This would be analysis
>  under the model of "RNG as black box" as opposed to (or rather, if
>  you're smart, in addition to) code inspection & review. Any
>  statisticians among us?

But this wouldn't have solved Netscape's problem.  Netscape was using a  
pretty good PRNG (the one in RSAREF).  The problem was they were/are using a  
naive method of seeding it.  The output of the PRNG would have been  
statistically random, but since the seed had ridiculously little entropy it  
was easy to guess.

andrew

Prev by Date: Re: NYT on Netscape Crack
Next by Date: Re: "Hackers"-- brief review and anecdote...
Prev by thread: Re: Verification of Random Number Generators
Next by thread: Re: Verification of Random Number Generators
Index(es):
- Date
- Thread