> From: Sid Shetye [mailto:sid...@outlook.com]
>
> Edward, compressibility as a PRNG test isn't that reliable. It can weed out
> really bad PRNGs but RNGs need to protect against predictability.
I agree. The compression test is kind of primitive, but it's easy and
successful at detecting the mo
Edward, compressibility as a PRNG test isn't that reliable. It can weed out
really bad PRNGs but RNGs need to protect against predictability.
For example: compressibility would pass for the previously circulated digest
RNG with the same seed code, but it's a horrible failure from an RNG's perspective.
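
Added example (not part of the original thread, and not Bouncy Castle code): a toy SHA-256 counter generator, a hypothetical stand-in for a digest RNG seeded with a hard-coded value, passes a zlib compressibility check yet is reproduced exactly by anyone who knows the seed. The class name, seed value and sizes are assumptions made for illustration.

```python
import hashlib
import zlib


class FixedSeedDigestRng:
    """Toy hash-counter generator (hypothetical; not BC's DigestRandomGenerator)."""

    def __init__(self, seed: bytes):
        self._seed = seed
        self._counter = 0

    def next_bytes(self, n: int) -> bytes:
        out = bytearray()
        while len(out) < n:
            # Each block is SHA-256(seed || counter); unused tail bytes are discarded.
            ctr = self._counter.to_bytes(8, "big")
            out += hashlib.sha256(self._seed + ctr).digest()
            self._counter += 1
        return bytes(out[:n])


def compression_ratio(data: bytes) -> float:
    """Compressed size / original size; about 1.0 means zlib found no structure."""
    return len(zlib.compress(data, 9)) / len(data)


def is_predictable(seed: bytes, n: int = 4096) -> bool:
    """True if a second instance built from the same seed replays the same output."""
    first = FixedSeedDigestRng(seed).next_bytes(n)
    second = FixedSeedDigestRng(seed).next_bytes(n)
    return first == second


CONSTRUCTED_SEED = b"hard-coded seed"  # constructed sample value

if __name__ == "__main__":
    stream = FixedSeedDigestRng(CONSTRUCTED_SEED).next_bytes(65536)
    # The compressibility test "passes": the stream does not shrink.
    print("compression ratio:", round(compression_ratio(stream), 4))
    # The predictability test fails: the whole stream is a function of the seed.
    print("reproducible from seed:", is_predictable(CONSTRUCTED_SEED))
    # Baseline showing what the compression test can actually catch.
    print("ratio for all-zero bytes:", round(compression_ratio(bytes(65536)), 4))
```
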
> From: Peter Dettman [mailto:peter.dett...@bouncycastle.org]
> Sent: Tuesday, July 29, 2014 10:56 PM
>
> Hi Edward,
> Thank you for your informative comments (and to others for contributing
> their thoughts). I do think there is room for improvement in the BC RNG
> code, particularly around entrop
> From: Edward Ned Harvey (bouncycastle)
>
> The problem is, you're passing your DigestRandomGenerator directly into
> SecureRandom, without keeping any reference to the
> DigestRandomGenerator. It is therefore impossible for you to add any seed
> to it.
>
> You *need* to keep a reference to the
> From: Peter Dettman [mailto:peter.dett...@bouncycastle.org]
>
> Hi Edward,
> Thank you for your informative comments (and to others for contributing
> their thoughts). I do think there is room for improvement in the BC RNG
> code, particularly around entropy-collection.
Good info all around, tha