[Cryptech Tech] Matt Green on How do you know if an RNG is working

[Russ Housley]

Randy:

> so, to paraphrase ewd, (staticical) tests can show the presence of bugs,
> but can not prove their absense.  i am too old to expect pixie dust from
> green.  his point about not leaving open avenue(s) for injection made me
> think.  
> 
>> In addition to statistical tests, the design must be examined for
>> predictable outputs.  Careful analysis by humans is needed here.
> 
> so wide and deep revue is our main defense?

Indeed.

Russ