[cryptography] Fatal flaw in Taiwanese smart card RNG

Krisztián Pintér pinterkr at gmail.com
Mon Sep 16 12:45:58 EDT 2013


no. you can't test a rng by looking at the output. only the algorithm and the actual code can be analyzed and reviewed. it is because it is extremely easy to create a crappy rng that fools the smartest analytical tool on the planet. it is not that easy to fool an attacker that reverse engineers your system.

> Would it be advisable to implement a test, prior to any
> certification of an RNG, whereby some large number of keys are
> created 



More information about the cryptography mailing list