[Cryptech Tech] Matt Green on How do you know if an RNG is working

[Randy Bush]

so, to paraphrase ewd, (staticical) tests can show the presence of bugs,
but can not prove their absense.  i am too old to expect pixie dust from
green.  his point about not leaving open avenue(s) for injection made me
think.  

> In addition to statistical tests, the design must be examined for
> predictable outputs.  Careful analysis by humans is needed here.

so wide and deep revue is our main defense?

randy