Is there an example of any production software that uses /dev/random or /dev/urandom and actually checks the output for randomness before using, or does ALL software blindly trust that these devices work as advertised?
I don't know how to validate it, even dieharder would pass 100% deterministic output from encrypting /dev/zero with fixed key, right?
-
-
Confirmed. You can generically detect extremely low quality entropy, and arbitrarily high quality entropy repeating, and that’s about it. There’s other detection models but they are not generic by any stretch of the imagination.
-
I, uh, got this wrong once. Got as far as an (*accepted*) DEFCON submission. Was looking like data compression was differentiating ciphers from one another. It wasn’t. Found my bug during ghost busting, because data lies and wants you to be wrong.
- 2 more replies
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.