[cryptography] urandom vs random

Sebastian Schinzel ssc at seecurity.org
Wed Aug 21 04:37:05 EDT 2013


On 21. Aug 2013, at 09:32 AM, Dominik <dominik at dominikschuermann.de> wrote:

> You can use DieHarder, which is a collection of statistical tests to evaluate if somethings looks random.

Problem is that you have to use the suite in a proper way. Checking
a single "weak Debian SSL key pair" probably would not have 
raised the problem. You'd have had to generate many keys (>> 2^16)
with that Debian SSL version to learn that they repeat.

So simply running DieHarder is not enough.

Regards,
Sebastian


More information about the cryptography mailing list