> no. you can't test a rng by looking at the output. only the
> algorithm and the actual code can be analyzed and reviewed. it is
> because it is extremely easy to create a crappy rng that fools the
> smartest analytical tool on the planet. it is not that easy to fool an
> attacker that reverse engineers your system.

I agree with you. Any test of the output could be fooled while still having a vulnerable generator. However, I'm often in the position where I'm black box testing software that uses PRNGs and I want to make a best effort to spot any obvious mistakes, such as using a bad seed, weak generator, etc. While in theory, there is a huge array of possible ways to make these mistakes, in practice developers tend to make the same ones over and over again, with slight variations. Therefore there is utility in having a simple way to check output for a discrete set of common mistakes. Generic statistical tests usually aren't helpful here. Instead, tests targeted at well-known weak generators or seed methods would be quite handy in my line of work.

tim
_______________________________________________
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography
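
A targeted check of the kind the message above asks for, as an added example that is not part of the original thread: it tests whether captured output can be reproduced by a known generator started from a commonly misused seed. The two generators, the seed list and all function names are assumptions chosen for illustration.

```python
import random

def ansi_c_lcg(seed, n):
    """Sample rand() from the C standard: 15-bit outputs from an LCG."""
    out, state = [], seed & 0xFFFFFFFF
    for _ in range(n):
        state = (state * 1103515245 + 12345) & 0xFFFFFFFF
        out.append((state >> 16) & 0x7FFF)
    return out

def mt19937_32(seed, n):
    """CPython's Mersenne Twister seeded with an integer, 32-bit outputs."""
    rng = random.Random(seed)
    return [rng.getrandbits(32) for _ in range(n)]

# Assumption: these two stand in for "well-known weak generators".
GENERATORS = {"ansi-c-lcg": ansi_c_lcg, "mt19937": mt19937_32}

def candidate_seeds(approx_time, window):
    """Seeds developers commonly reach for (assumed list, extend as needed)."""
    yield from range(0, 65536)  # constants and process IDs
    yield from range(approx_time - window, approx_time + window + 1)  # time()

def check_weak_seed(observed, approx_time, window=600):
    """Return (generator, seed) that reproduces `observed`, else None.

    Pass at least four consecutive outputs so a chance match is negligible.
    """
    n = len(observed)
    for name, gen in GENERATORS.items():
        for seed in candidate_seeds(approx_time, window):
            if gen(seed, n) == observed:
                return name, seed
    return None

if __name__ == "__main__":
    # Constructed sample: outputs of a generator seeded with time() 123 s
    # after the tester's clock estimate of 1700000000.
    sample = mt19937_32(1700000123, 4)
    print(check_weak_seed(sample, 1700000000))
```

A `None` result only rules out the listed generator and seed combinations; it says nothing about the quality of the generator under test.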