[39457] in Cypherpunks
Re: Verification of Random Number Generators
daemon@ATHENA.MIT.EDU (Andrew Loewenstern)
Tue Sep 19 13:01:19 1995
From: Andrew Loewenstern <andrew_loewenstern@il.us.swissbank.com>
Date: Tue, 19 Sep 95 11:54:15 -0500
To: "Erik E. Fair" (Time Keeper) <fair@clock.org>
Cc: Eric Young <eay@mincom.oz.au>, Jeff Weinstein <jsw@neon.netscape.com>,
cypherpunks@toad.com
> Just an idle thought: it might be possible to do a probabilistic
> verification of a RNG by sampling it over some number of samples,
> and statistically analyzing the sample space. This would be analysis
> under the model of "RNG as black box" as opposed to (or rather, if
> you're smart, in addition to) code inspection & review. Any
> statisticians among us?
But this wouldn't have solved Netscape's problem. Netscape was using a
pretty good PRNG (the one in RSAREF). The problem was they were/are using a
naive method of seeding it. The output of the PRNG would have been
statistically random, but since the seed had ridiculously little entropy it
was easy to guess.
andrew
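An added illustration of the point above, not code from the thread or from Netscape: a toy xorshift generator (constructed stand-in for "a statistically decent PRNG") is seeded naively from the time of day in seconds, its output is run through the SP 800-22 frequency (monobit) test, and the seed space is measured in bits. The black-box test sees nothing wrong with the output, while the seed itself has about 16 bits of entropy and can be found by enumerating the candidate space. The 86400-candidate seed space and the 0x9E3779B9 offset are assumptions of this example.

```python
import math

def xorshift32_stream(seed, nbytes):
    """Toy 32-bit xorshift PRNG (NOT cryptographic) that returns nbytes of output.
    The additive offset is bijective on 32 bits and keeps small naive seeds
    away from xorshift's fixed point at state 0."""
    x = (seed + 0x9E3779B9) & 0xFFFFFFFF
    out = bytearray()
    while len(out) < nbytes:
        x ^= (x << 13) & 0xFFFFFFFF
        x ^= x >> 17
        x ^= (x << 5) & 0xFFFFFFFF
        out += x.to_bytes(4, "big")
    return bytes(out[:nbytes])

def monobit_p_value(data):
    """NIST SP 800-22 frequency (monobit) test: p-value for the hypothesis that
    ones and zeros are equally likely. Values below 0.01 are treated as failures."""
    n = len(data) * 8
    ones = sum(bin(b).count("1") for b in data)
    s_obs = abs(2 * ones - n) / math.sqrt(n)
    return math.erfc(s_obs / math.sqrt(2))

def recover_seed(observed, candidate_seeds):
    """Auditor's measure of guessability: enumerate the candidate seed space and
    return the seed whose stream reproduces the observed bytes, or None."""
    n = len(observed)
    for s in candidate_seeds:
        if xorshift32_stream(s, n) == observed:
            return s
    return None

def audit_naive_seeding(seconds_since_midnight=43200, sample_bytes=8192):
    """Seed = time of day in seconds (constructed naive seeding, 86400 candidates).
    Returns what a black-box test sees next to what the seed space actually holds."""
    candidates = range(86400)
    stream = xorshift32_stream(seconds_since_midnight, sample_bytes)
    return {
        "monobit_p": monobit_p_value(stream),               # output looks random
        "seed_entropy_bits": math.log2(len(candidates)),    # ~16.4 bits: the real flaw
        "recovered_seed": recover_seed(stream[:8], candidates),
    }

if __name__ == "__main__":
    print(audit_naive_seeding())
```

The comparison to draw is between `seed_entropy_bits` and the key length the generator is meant to protect; no amount of sampling the output would have shown the gap.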