We all know that randomness is required for good crypto, but what is the a measurable difference in the quality of the crypto if using a Linux PRNG (or in our case the Java SecureRandom PRNG)? How much easier is it to crack an encrypted file done with such weaker PRNGs compared to the hardware RNGs, especially if it's so hard to determine the quality of the randomness.
On Tue, Aug 20, 2013 at 4:10 PM, James A. Donald <jam...@echeque.com> wrote: > On 2013-08-21 7:33 AM, grarpamp wrote: > >> The subject thread is covering a lot about OS implementations >> and RNG various sources. But what are the short list of open >> source tools we should be using to actually test and evaluate >> the resulting number streams? >> ______________________________**_________________ >> >> > You cannot test and evaluate a supposedly random number stream. True > randomness and cryptographically strong pseudo randomness are not directly > observable qualities. > > You have to look at the underlying generation mechanism and deduce > randomness, or the lack thereof. > > If you apply a whitening expander to the source stream ....0000000.... the > output stream will look convincingly random, but will be completely non > random to anyone who knows the whitening expander and knows or suspects > that the source stream is completely non random > ______________________________**_________________ > cryptography mailing list > cryptography@randombit.net > http://lists.randombit.net/**mailman/listinfo/cryptography<http://lists.randombit.net/mailman/listinfo/cryptography> >
_______________________________________________ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
