[cryptography] Fatal flaw in Taiwanese smart card RNG

James A. Donald Jamesd at echeque.com
Wed Sep 18 02:29:18 EDT 2013


On 2013-09-17 02:56, Seth David Schoen wrote:
>
> Well, there's a distinction between RNGs that have been maliciously
> designed and RNGs that are just extremely poor (or just are
> inadequately seeded but their designers or users don't realize this).
>
> It sounds like such extremely poor RNGs are getting used in the wild
> quite a bit, and these problems might well be detected by more
> systematic and widespread use of these researchers' techniques.  It's
> true that a maliciously designed RNG would not be detected this way.
> The researchers do emphasize that

Typical design: bad randomness seeds a good pseudo-random number
generator, which unintentionally hides the fact that the randomness is
weak.

Thus the difference between a malicious random number generator, and a 
random number generator where the seeding just is not working right, is 
seldom observable.
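
An added illustration of the point in this message (not code from the post or from the researchers it discusses): a weak seed behind a good PRNG yields output with no visible bias, and the weakness only appears when outputs are compared across many devices. SHA-256 in counter mode as the "good" PRNG, the 16-bit seed width, the fleet size and all function names are assumptions made for the demo.

```python
import hashlib
import random  # only simulates which seed each device happens to draw


def prng_stream(seed: bytes, nbytes: int) -> bytes:
    """Stand-in for a 'good' PRNG: SHA-256 in counter mode (assumption)."""
    out = bytearray()
    counter = 0
    while len(out) < nbytes:
        out += hashlib.sha256(seed + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:nbytes])


def monobit_fraction(data: bytes) -> float:
    """Fraction of 1 bits; close to 0.5 for output that looks unbiased."""
    ones = sum(bin(b).count("1") for b in data)
    return ones / (8 * len(data))


def device_key(seed_bits: int, rng: random.Random) -> bytes:
    """One device's 256-bit key, derived from a seed with seed_bits of entropy."""
    seed = rng.getrandbits(seed_bits).to_bytes(32, "big")
    return prng_stream(seed, 32)


def fleet_report(n_devices: int, seed_bits: int, sim_seed: int = 1):
    """Return (monobit fraction over all keys, number of duplicated keys)."""
    rng = random.Random(sim_seed)  # constructed, repeatable simulation
    keys = [device_key(seed_bits, rng) for _ in range(n_devices)]
    bias = monobit_fraction(b"".join(keys))
    duplicates = n_devices - len(set(keys))
    return bias, duplicates


if __name__ == "__main__":
    for bits in (16, 256):
        bias, dups = fleet_report(5000, bits)
        # Per-key statistics look the same in both cases; only the
        # cross-device duplicate count separates weak from sound seeding.
        print(f"seed bits={bits:3d}  ones fraction={bias:.4f}  duplicates={dups}")
```

The duplicate check needs keys from many devices; no statistical test on one device's output distinguishes the two cases, and it does not tell a deliberately weakened seed from an accidentally weak one.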



