[ISN] Random numbers aren’t, says infosec boffin

http://www.theregister.co.uk/2015/08/11/your_numbers_arent_random_says_infosec_boffin/ By Richard Chirgwin The Register 11 Aug 2015 The randomness (or rather, lack thereof) of pseudo-random number generators (PRNGs) is a persistent pain for those who work at the low layers of cryptography. Security researcher Bruce Potter, whose activity in the field stretches back more than a decade, when he demonstrated war-driving using Bluetooth, says problems both in design and implementation undermine the effectiveness of common crypto libraries. Now Potter’s work (his BlackHat presentation is here [PDF]) has led to the claim that nobody really understands what’s going on. Part of the problem, he writes, is that people tend to conflate “entropy” with “randomness”, when in fact the two mean different things: entropy is a measurement of the uncertainty of an outcome, while randomness is a long-term assessment of entropy. […]