[cryptography] urandom vs random
James A. Donald
jamesd at echeque.com
Tue Aug 20 19:10:20 EDT 2013
On 2013-08-21 7:33 AM, grarpamp wrote:
> The subject thread is covering a lot about OS implementations
> and RNG various sources. But what are the short list of open
> source tools we should be using to actually test and evaluate
> the resulting number streams?
You cannot test and evaluate a supposedly random number stream. True
randomness and cryptographically strong pseudo randomness are not
directly observable qualities.
You have to look at the underlying generation mechanism and deduce
randomness, or the lack thereof.
If you apply a whitening expander to the source stream ....0000000....
the output stream will look convincingly random, but will be completely
non random to anyone who knows the whitening expander and knows or
suspects that the source stream is completely non random
More information about the cryptography