[cryptography] urandom vs random

Open eSignForms yozons at gmail.com
Tue Aug 20 19:33:04 EDT 2013


We all know that randomness is required for good crypto, but what is the
measurable difference in the quality of the crypto if using a Linux PRNG
(or in our case the Java SecureRandom PRNG)?  How much easier is it to
crack an encrypted file done with such weaker PRNGs compared to the
hardware RNGs, especially if it's so hard to determine the quality of the
randomness.


On Tue, Aug 20, 2013 at 4:10 PM, James A. Donald <jamesd at echeque.com> wrote:

> On 2013-08-21 7:33 AM, grarpamp wrote:
>
>> The subject thread is covering a lot about OS implementations
>> and RNG various sources. But what are the short list of open
>> source tools we should be using to actually test and evaluate
>> the resulting number streams?
>>
> You cannot test and evaluate a supposedly random number stream. True
> randomness and cryptographically strong pseudo randomness are not directly
> observable qualities.
>
> You have to look at the underlying generation mechanism and deduce
> randomness, or the lack thereof.
>
> If you apply a whitening expander to the source stream ....0000000.... the
> output stream will look convincingly random, but will be completely non
> random to anyone who knows the whitening expander and knows or suspects
> that the source stream is completely non random.
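The whitening-expander point in the quoted reply, worked through as an added example that is not part of the original thread. It assumes a hypothetical expander (SHA-256 over a block index plus the source block) and uses a monobit count and a byte chi-square as stand-ins for a statistical test suite; all function names are made up for illustration.

```python
import hashlib
import os

BLOCK = 16  # source bytes consumed per 32-byte output block (2x expansion)

def whiten_expand(source: bytes) -> bytes:
    """Hypothetical whitening expander: SHA-256 over (block index || source block)."""
    out = bytearray()
    for i in range(0, len(source), BLOCK):
        index = (i // BLOCK).to_bytes(8, "big")
        out += hashlib.sha256(index + source[i:i + BLOCK]).digest()
    return bytes(out)

def ones_fraction(data: bytes) -> float:
    """Monobit check: fraction of 1 bits, about 0.5 for a random-looking stream."""
    return sum(bin(b).count("1") for b in data) / (8 * len(data))

def byte_chi_square(data: bytes) -> float:
    """Chi-square of byte frequencies against uniform (255 degrees of freedom, mean 255)."""
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    expected = len(data) / 256
    return sum((c - expected) ** 2 / expected for c in counts)

def observer_predicts(seen: bytes, n_more: int) -> bytes:
    """An observer who suspects an all-zero source recomputes the stream and, if the
    bytes seen so far match, returns the next n_more bytes before they are emitted."""
    need = len(seen) + n_more
    guess = whiten_expand(bytes(BLOCK * (-(-need // 32))))
    return guess[len(seen):need] if guess.startswith(seen) else b""

def demo() -> dict:
    zero_source = bytes(32 * 1024)            # constructed input: ....0000000....
    stream = whiten_expand(zero_source)       # 64 KiB of "random-looking" output
    reference = os.urandom(len(stream))       # kernel CSPRNG for comparison
    seen, future = stream[:1000], stream[1000:1064]
    return {
        "zero_ones": ones_fraction(stream), "zero_chi2": byte_chi_square(stream),
        "ref_ones": ones_fraction(reference), "ref_chi2": byte_chi_square(reference),
        "predicted_ok": observer_predicts(seen, 64) == future,
    }

if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Both streams score alike on the two statistics, yet the zero-sourced one is fully predicted from its generation mechanism, which is why the review has to target the source and construction rather than the output.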