[cryptography] urandom vs random

James A. Donald jamesd at echeque.com
Tue Aug 20 19:10:20 EDT 2013


On 2013-08-21 7:33 AM, grarpamp wrote:
> The subject thread is covering a lot about OS implementations
> and RNG various sources. But what are the short list of open
> source tools we should be using to actually test and evaluate
> the resulting number streams?
> _______________________________________________
>

You cannot test and evaluate a supposedly random number stream. True 
randomness and cryptographically strong pseudo randomness are not 
directly observable qualities.

You have to look at the underlying generation mechanism and deduce 
randomness, or the lack thereof.

If you apply a whitening expander to the source stream ....0000000.... 
the output stream will look convincingly random, but will be completely 
non random to anyone who knows the whitening expander and knows or 
suspects that the source stream is completely non random


More information about the cryptography mailing list