Re: [LUG] RSA what?

 


> On 20 Sep 2013, at 23:35, Martijn Grooten <dcglug@xxxxxxxxxxxxxxxxxx> wrote:
> 
> Sure, if the "PRNG" simply produces more zeros than ones, that's easy to spot 
> using some basic statistics. But (pseudo) randomness isn't just about this - it 
> shouldn't be predictable in any way.

As the article you link notes, the algorithm in question had small biases large 
enough to raise eyebrows by the first folks to look at it critically on the 
relationship between a number and its successor.

Agree it isn't completely trivial to test, there are lots of things to test for, 
but as each test is created and made public by cryptanalysts or mathematicians, you 
just need to run it against any new system. Of course most crypto systems and PRNGs 
have oddities on some statistical tests, then you need to ask a cryptographer how 
much that one matters in the real world. But running those tests is trivial.

Bit like finding dodgy bits of source code, versus exploiting them. The latter is 
much harder (as cracking ciphers is compared to running statistical tests), but if 
you are wise you run static source code analysers and maybe fuzz testing, and you 
know if you have obvious issues before release. You can prove it is secure, but you 
can hope to exclude areas of weakness.
-- 
The Mailing List for the Devon & Cornwall LUG
http://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/listfaq
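
An added example, not part of the original message or of any tool named in the thread: a bit stream that passes the "more zeros than ones" count yet fails a check on the relationship between each bit and its successor. The weak generator (the low bit of a 32-bit LCG), the SHA-256 counter stream used as a reference, the seeds and all function names are constructed for illustration.

```python
import hashlib
import math

def lcg_low_bits(seed, n):
    """Constructed weak generator: lowest bit of a 32-bit LCG (a and c both odd)."""
    x, out = seed, []
    for _ in range(n):
        x = (1664525 * x + 1013904223) % 2**32
        out.append(x & 1)
    return out

def sha256_bits(seed, n):
    """Reference stream: SHA-256 in counter mode (deterministic, so results repeat)."""
    out, counter = [], 0
    while len(out) < n:
        block = hashlib.sha256(seed + counter.to_bytes(8, "big")).digest()
        out.extend((byte >> i) & 1 for byte in block for i in range(8))
        counter += 1
    return out[:n]

def monobit_z(bits):
    """z-score of the count of ones against a fair coin (the zeros-versus-ones check)."""
    n = len(bits)
    return (2 * sum(bits) - n) / math.sqrt(n)

def successor_z(bits):
    """z-score of how often a bit equals its successor; fair independent bits agree half the time."""
    pairs = len(bits) - 1
    same = sum(a == b for a, b in zip(bits, bits[1:]))
    return (2 * same - pairs) / math.sqrt(pairs)

def report(bits, threshold=4.0):
    """Map each test name to (z, passed); |z| >= threshold counts as a failure."""
    tests = (("monobit", monobit_z(bits)), ("successor", successor_z(bits)))
    return {name: (z, abs(z) < threshold) for name, z in tests}

if __name__ == "__main__":
    streams = (("lcg low bit", lcg_low_bits(12345, 10000)),
               ("sha256 ctr", sha256_bits(b"constructed-seed", 10000)))
    for label, bits in streams:
        for name, (z, ok) in report(bits).items():
            print(f"{label:12} {name:10} z={z:8.2f} {'pass' if ok else 'FAIL'}")
```

Passing both checks only rules out these two specific weaknesses; it says nothing about whether the output is predictable.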