Is there an example of any production software that uses /dev/random or /dev/urandom and actually checks the output for randomness before using, or does ALL software blindly trust that these devices work as advertised?
-
-
No, I'm just wondering if anyone anywhere ever actually validates that "go get random" actually returns random data. Or for example catching things like CVE-2008-0166. Or a pile of these: https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=randomness …
-
I don't know how to validate it, even dieharder would pass 100% deterministic output from encrypting /dev/zero with fixed key, right?
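The point in the last reply, as an added example that is not part of the original thread: a fully deterministic stream passes simple statistical checks. It uses SHA-256 in counter mode as a stand-in for "encrypting /dev/zero with fixed key", and a monobit test plus a byte chi-square as stand-ins for dieharder; the key and all function names are constructed for illustration.

```python
import hashlib
import math

FIXED_KEY = b"constructed-fixed-key"  # constructed sample value, not from the thread
SAMPLE_BYTES = 65536

def keystream(key: bytes, nbytes: int) -> bytes:
    """Deterministic stream: SHA-256(key || counter) blocks, concatenated."""
    out = bytearray()
    counter = 0
    while len(out) < nbytes:
        out += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:nbytes])

def monobit_pvalue(data: bytes) -> float:
    """Frequency (monobit) test: p-value for 'ones and zeros are balanced'."""
    n = len(data) * 8
    ones = bin(int.from_bytes(data, "big")).count("1")
    s_obs = abs(2 * ones - n) / math.sqrt(n)
    return math.erfc(s_obs / math.sqrt(2))

def byte_chi_square(data: bytes) -> float:
    """Chi-square statistic over byte values (255 degrees of freedom)."""
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    expected = len(data) / 256
    return sum((c - expected) ** 2 / expected for c in counts)

def report(data: bytes) -> dict:
    return {"monobit_p": monobit_pvalue(data), "chi2": byte_chi_square(data)}

if __name__ == "__main__":
    stream = keystream(FIXED_KEY, SAMPLE_BYTES)
    # Statistically unremarkable: p-value well above 0, chi2 near 255.
    print("deterministic stream:", report(stream))
    # A stuck source is the kind of failure these tests do catch.
    print("all-zero stream:     ", report(bytes(SAMPLE_BYTES)))
    # Anyone holding the key regenerates every byte, so the output is
    # fully predictable even though the statistics look fine.
    print("reproducible:", stream == keystream(FIXED_KEY, SAMPLE_BYTES))
```

Statistical tests of this kind detect a stuck or badly biased source, not a predictable one.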