> Allow me to clarify my problem a little. I'm commonly engaged to review > source code for a security audit, some such programs include a random > number generator, many of which are of ad-hoc design. The nature of such > audits is that it's much more appealing to be able to say "here are three > accepted guidelines that your generator violates" rather than "I haven't > seen that before and I don't like it, you should replace it with something > else".
Here are two references that might also be helpful: http://www.cryptography.com/resources/whitepapers/VIA_rng.pdf http://www.cryptography.com/resources/whitepapers/IntelRNG.pdf These are reports on the analysis of two RNGs, I found them well written. --Anton --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
