[Cryptech Tech] Matt Green on How do you know if an RNG is working

Russ Housley housley at vigilsec.com
Wed Mar 19 19:50:35 UTC 2014


Randy:

> so, to paraphrase ewd, (statistical) tests can show the presence of bugs,
> but can not prove their absence.  i am too old to expect pixie dust from
> green.  his point about not leaving open avenue(s) for injection made me
> think.  
> 
>> In addition to statistical tests, the design must be examined for
>> predictable outputs.  Careful analysis by humans is needed here.
> 
> so wide and deep review is our main defense?

Indeed.

Russ
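
The point made in this exchange, as an added example that is not part of the original message or of any Cryptech code: a generator whose output is fully determined by a fixed seed still passes simple statistical tests, while the same tests do catch a stuck bit. The seed value, function names and the two tests chosen (a monobit test and a byte chi-square with a normal approximation) are assumptions made for illustration.

```python
import hashlib
import math

FIXED_SEED = b"constructed-seed"  # assumption: a constant baked into a flawed design

def predictable_stream(nbytes, seed=FIXED_SEED):
    """SHA-256 over seed||counter: deterministic, so anyone with the seed regenerates it."""
    out = bytearray()
    counter = 0
    while len(out) < nbytes:
        out += hashlib.sha256(seed + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:nbytes])

def monobit_pvalue(data):
    """Frequency (monobit) test: are ones and zeros balanced?"""
    n = len(data) * 8
    ones = sum(bin(b).count("1") for b in data)
    return math.erfc(abs(2 * ones - n) / math.sqrt(2 * n))

def byte_chi2_pvalue(data):
    """Chi-square of byte counts against uniform; two-sided p-value from the
    normal approximation for 255 degrees of freedom."""
    expected = len(data) / 256
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    chi2 = sum((c - expected) ** 2 / expected for c in counts)
    z = (chi2 - 255) / math.sqrt(2 * 255)
    return math.erfc(abs(z) / math.sqrt(2))

def passes_statistical_tests(data, alpha=0.01):
    """True when neither test rejects the data at significance level alpha."""
    return monobit_pvalue(data) >= alpha and byte_chi2_pvalue(data) >= alpha

def stuck_bit(data):
    """Simulated fault: the top bit of every byte is stuck at 0."""
    return bytes(b & 0x7F for b in data)

if __name__ == "__main__":
    sample = predictable_stream(1 << 16)
    print("predictable stream passes:", passes_statistical_tests(sample))
    print("stuck-bit stream passes:  ", passes_statistical_tests(stuck_bit(sample)))
    print("second run identical:     ", sample == predictable_stream(1 << 16))
```

The tests separate the faulty stream from the healthy-looking one, but only reading the design reveals that the healthy-looking one repeats byte for byte on every run.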


