1995-09-19 - Re: Verification of Random Number Generators

Header Data

From: Andrew Loewenstern <andrew_loewenstern@il.us.swissbank.com>
To: “Erik E. Fair” (Time Keeper) <fair@clock.org>
Message Hash: f950b3716df9e67a179713479a3ae0be94bf9d2e112015e95919b5b7076443d2
Message ID: <9509191654.AA00901@ch1d157nwk>
Reply To: N/A
UTC Datetime: 1995-09-19 16:58:16 UTC
Raw Date: Tue, 19 Sep 95 09:58:16 PDT

Raw message

From: Andrew Loewenstern <andrew_loewenstern@il.us.swissbank.com>
Date: Tue, 19 Sep 95 09:58:16 PDT
To: "Erik E. Fair"  (Time Keeper) <fair@clock.org>
Subject: Re: Verification of Random Number Generators
Message-ID: <9509191654.AA00901@ch1d157nwk>
MIME-Version: 1.0
Content-Type: text/plain


>  Just an idle thought: it might be possible to do a probabilistic
>  verification of a RNG by sampling it over some number of samples,
>  and statistically analyzing the sample space. This would be analysis
>  under the model of "RNG as black box" as opposed to (or rather, if
>  you're smart, in addition to) code inspection & review. Any
>  statisticians among us?

But this wouldn't have solved Netscape's problem.  Netscape was using a  
pretty good PRNG (the one in RSAREF).  The problem was they were/are using a  
naive method of seeding it.  The output of the PRNG would have been  
statistically random, but since the seed had ridiculously little entropy it  
was easy to guess.

andrew
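
The point of the reply above, as an added example that is not part of the original message: a generator's output can pass black-box statistical tests while its seed space is small enough to enumerate. The SHA-256 counter-mode generator is a stand-in (not the RSAREF PRNG), and the 16-bit seed space, the seed value and all function names are constructed for illustration.

```python
import hashlib

SEED_BITS = 16        # constructed: a deliberately tiny seed space
SAMPLE_SEED = 0xBEEF  # constructed: the "secret" seed for this demo

def prng_bytes(seed: int, n: int) -> bytes:
    """Stand-in PRNG (assumption): SHA-256 in counter mode over the seed."""
    out = bytearray()
    counter = 0
    while len(out) < n:
        block = seed.to_bytes(4, "big") + counter.to_bytes(4, "big")
        out += hashlib.sha256(block).digest()
        counter += 1
    return bytes(out[:n])

def monobit_z(data: bytes) -> float:
    """Frequency test: |ones - zeros| / sqrt(bits); near 0..3 for random data."""
    n_bits = len(data) * 8
    ones = sum(bin(b).count("1") for b in data)
    return abs(2 * ones - n_bits) / n_bits ** 0.5

def chi_square_bytes(data: bytes) -> float:
    """Chi-square over byte values; about 255 +/- 23 for uniform data."""
    expected = len(data) / 256
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    return sum((c - expected) ** 2 / expected for c in counts)

def seed_space_audit(observed: bytes, seed_bits: int):
    """Audit check: can the seed be found by enumerating the whole seed space?"""
    for candidate in range(2 ** seed_bits):
        if prng_bytes(candidate, len(observed)) == observed:
            return candidate
    return None

if __name__ == "__main__":
    stream = prng_bytes(SAMPLE_SEED, 65536)
    # Black-box view: the output looks statistically fine.
    print("monobit z   :", round(monobit_z(stream), 3))
    print("chi-square  :", round(chi_square_bytes(stream), 1))
    # Seeding view: 16 output bytes are enough to pin down the seed.
    print("seed found  :", hex(seed_space_audit(stream[:16], SEED_BITS)))
```

The statistical functions see only the output distribution, so they give the same verdict for a 16-bit seed as for a 256-bit one; only the enumeration check measures the seeding.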




