On 2/19/07, Tyler Durden <camera_lumina@hotmail.com> wrote:
> ... Is it possible to verify that a remote random number generator is actually random?

remote or not doesn't add much to the difficulty of the question: "is it _truly_ random?" lots of statistical tests to confirm that a given distribution of bits IS NOT, but nothing to prove IT IS. and by IS NOT, i mean sufficiently improbable to be random, thus considered not random. even a true hw rng could throw all bits set given enough chances.

it's easy for a remote peer to fool such statistical tests: check the output of AES-CBC keyed with all zeros. there is almost no actual entropy (in the keys) yet the output appears to be random, and you would (in theory) not be able to distinguish without the key used.

if you look at the various hw rng daemons they often do some FIPS sanity checks on the input but leave it at that. the idea is that failed hardware will start producing FIPS failures and can be detected.
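
The point made in the message above, as an added example that is not part of the original post: a keyed deterministic stream with an all-zero key passes the FIPS 140-2 statistical tests (monobit, poker, runs, long run on 20,000-bit blocks), while a stuck source fails them. SHA-256 in counter mode is used here as a standard-library stand-in for the AES-CBC construction the post mentions; the function names are hypothetical.

```python
import hashlib
from itertools import groupby

BLOCK_BYTES = 2500  # FIPS 140-2 tests operate on 20,000-bit blocks

# Allowed number of runs of each length (1..5, then 6 and longer), per bit value.
RUN_BOUNDS = {1: (2315, 2685), 2: (1114, 1386), 3: (527, 723),
              4: (240, 384), 5: (103, 209), 6: (103, 209)}

def zero_entropy_stream(nbytes, key=bytes(32)):
    """Deterministic stream SHA-256(key || counter); the key is all zeros."""
    out = bytearray()
    counter = 0
    while len(out) < nbytes:
        out += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:nbytes])

def fips_failures(block):
    """Return the names of the FIPS 140-2 statistical tests this block fails."""
    assert len(block) == BLOCK_BYTES
    bits = "".join(f"{b:08b}" for b in block)
    failed = []
    if not 9725 < bits.count("1") < 10275:            # monobit test
        failed.append("monobit")
    nibbles = [0] * 16                                # poker test on 4-bit groups
    for i in range(0, len(bits), 4):
        nibbles[int(bits[i:i + 4], 2)] += 1
    poker = 16 / 5000 * sum(n * n for n in nibbles) - 5000
    if not 2.16 < poker < 46.17:
        failed.append("poker")
    runs = [(bit, len(list(g))) for bit, g in groupby(bits)]
    for bit in "01":                                  # runs test, zeros then ones
        counts = dict.fromkeys(RUN_BOUNDS, 0)
        for b, n in runs:
            if b == bit:
                counts[min(n, 6)] += 1
        if any(not lo <= counts[k] <= hi for k, (lo, hi) in RUN_BOUNDS.items()):
            failed.append("runs")
            break
    if max(n for _, n in runs) >= 26:                 # long run test
        failed.append("longrun")
    return failed

def passing_blocks(data):
    """Count how many consecutive 20,000-bit blocks pass every test."""
    blocks = [data[i:i + BLOCK_BYTES] for i in range(0, len(data), BLOCK_BYTES)]
    return sum(1 for blk in blocks if not fips_failures(blk))

if __name__ == "__main__":
    print("zero-key stream, passing blocks of 20:",
          passing_blocks(zero_entropy_stream(20 * BLOCK_BYTES)))
    print("stuck-at-zero source fails:", fips_failures(bytes(BLOCK_BYTES)))
```

A genuinely random source also fails an occasional block by chance, which is why the check counts passing blocks rather than requiring every block to pass.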