[cryptography] urandom vs random

Natanael natanael.l at gmail.com
Tue Aug 20 17:58:27 EDT 2013

Most regular people can't accurately test or evaluate the output.
Numbers aren't random, the sources are. You can't just judge a PRNG by
it's output. For all you know the PRNG could be doing nothing more
than doing SHA256 of a fixed value plus a counter, and if somebody
would know that fixed value then bruteforce is trivial since testing a
few thousand counter values isn't all that hard. And yet the output
would *look* random.

2013/8/20 grarpamp <grarpamp at gmail.com>:
> The subject thread is covering a lot about OS implementations
> and RNG various sources. But what are the short list of open
> source tools we should be using to actually test and evaluate
> the resulting number streams?
> _______________________________________________
> cryptography mailing list
> cryptography at randombit.net
> http://lists.randombit.net/mailman/listinfo/cryptography

More information about the cryptography mailing list