[cryptography] Fatal flaw in Taiwanese smart card RNG

Tim tim-security at sentinelchicken.org
Mon Sep 16 13:12:07 EDT 2013

> no. you can't test a rng by looking at the output. only the
> algorithm and the actual code can be analyzed and reviewed. it is
> because it is extremely easy to create a crappy rng that fools the
> smartest analytical tool on the planet. it is not that easy to fool an
> attacker that reverse engineers your system.

I agree with you.  Any test of the output could be fooled while still
having a vulnerable generator.

However, I'm often in the position where I'm black box testing
software that uses PRNGs and I want to make a best effort to spot any
obvious mistakes, such as using a bad seed, weak generator, etc.
While in theory, there is a huge array of possible ways to make these
mistakes, in practice developers tend to make the same ones over and
over again, with slight variations.  Therefore there is utility in
having a simple way to check output for a discrete set of common
mistakes.  Generic statistical tests usually aren't helpful here.
Instead, tests targeted at well-known weak generators or seed methods
would be quite handy in my line of work.
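
[Added example, not part of the original post.] One form a targeted check like this can take: replay two well-known weak generators (the sample rand() from the C standard and the Microsoft C runtime rand()) over a window of guessable time-based seeds and report any that reproduce output captured from the system under test. The function names, the `rand() % modulus` reduction, the skip allowance and the sample token are assumptions constructed for illustration.

```python
from itertools import islice

def ansi_c_rand(seed):
    """Sample rand() from the C standard: LCG, output is state bits 16..30."""
    state = seed & 0xFFFFFFFF
    while True:
        state = (state * 1103515245 + 12345) & 0xFFFFFFFF
        yield (state >> 16) & 0x7FFF

def msvc_rand(seed):
    """LCG used by the Microsoft C runtime rand(): same output bits, other constants."""
    state = seed & 0xFFFFFFFF
    while True:
        state = (state * 214013 + 2531011) & 0xFFFFFFFF
        yield (state >> 16) & 0x7FFF

GENERATORS = {"ansi-c-lcg": ansi_c_rand, "msvc-rand": msvc_rand}

def find_weak_source(observed, seed_candidates, modulus, max_skip=16):
    """Return (generator, seed, skip) triples that reproduce `observed`.

    modulus:  how the application reduces each raw value (assumed rand() % modulus).
    max_skip: values the application may have drawn before the captured ones.
    """
    observed = list(observed)
    need = max_skip + len(observed)
    hits = []
    for seed in seed_candidates:
        for name, factory in GENERATORS.items():
            stream = [v % modulus for v in islice(factory(seed), need)]
            for skip in range(max_skip + 1):
                if stream[skip:skip + len(observed)] == observed:
                    hits.append((name, seed, skip))
    return hits

# Constructed sample: a 12-symbol token drawn as rand() % 62 from a generator
# seeded with a Unix timestamp, after the program had already used 3 values.
SAMPLE_SEED = 1379351527
SAMPLE_TOKEN = list(islice((v % 62 for v in msvc_rand(SAMPLE_SEED)), 3, 15))

if __name__ == "__main__":
    # The tester knows roughly when the token was issued: try +/- 5 minutes.
    window = range(SAMPLE_SEED - 300, SAMPLE_SEED + 301)
    for name, seed, skip in find_weak_source(SAMPLE_TOKEN, window, modulus=62):
        print(f"output reproduced by {name}, seed={seed}, skip={skip}")
```

A hit shows the generator and seed are guessable; an empty result only rules out the generators and seed range that were tried.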

