[Cryptech Tech] Matt Green on How do you know if an RNG is working

[Russ Housley]

> http://blog.cryptographyengineering.com/2014/03/how-do-you-know-if-rng-is-working.html

Matt Green seems to place little confidence in the statistical tests.  However, he does not offer an alternative.  In my view, the statistical tests are necessary, but they are not the whole answer.

In one system that I was building, the hardware included a noisy diode in the power circuit.  The vendor claimed that it was a good source of random numbers.  Statistical tests showed otherwise.  At best, it was a source for entropy.  I mixed the noisy diode entropy with some other things to generate a seed for a pseudorandom number generator.  Then, as the system ran for I while, I updated the seed value with entropy collected from the noisy diode.  This design passed the statistical tests, but it was not one of the FIPS allowed designs.  Dealing with that situation is probably not relevant here.

In addition to statistical tests, the design must be examined for predictable outputs.  Careful analysis by humans is needed here.

Russ