Pierre-Evariste Dagand wrote:
I doubt you can get a large enough sample in any reasonable time.
Indeed.
I don't see the point of evaluating the quality of a random number
generator by statistical tests.
Which is entirely my point.
I fear I was not clear: I don't see what is wrong in evaluating the
quality of a random number generator with (an extensive set of)
statistical tests.
SHA-1(1), SHA-1(2), SHA-1(3), ... SHA-1(N) will look random, but clearly
is not.
For sure, it would be better if we could check the source code and
match the implemented RNG against an already known RNG.
But, then, there is a "the chicken or the egg" problem: how would you
ensure that a *new* RNG is a good source of "randomness" ? (it's not a
rhetorical questions, I'm curious about other approaches).
By reviewing the algorithm and thinking hard.
--
http://www.apache-ssl.org/ben.html http://www.links.org/
"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
