A random-number generator passes a standard statistical test suite, so what is the safest conclusion before trusting it for cryptography?
Show answer & explanation
Answer: Only a first screening
Only a first screening ✓ — Passing statistical tests is useful evidence, but it is only a first screening. NIST SP 800-22 explicitly warns that tests cannot certify a generator's cryptographic suitability or replace cryptanalysis. A clean test report is encouraging, yet the source model, entropy, implementation, and threat model still matter.
Proof of future bits — Future bits are not proven merely because past output looked statistically normal. A flawed physical device can contain predictable noise, and a deterministic generator can pass many tests until its state is exposed. Certification needs a reason that an adversary could not have known the bits in advance, not just a clean histogram.
No need for seed secrecy — Seed secrecy still matters for pseudorandom generators. SP 800-22 frames the goal as next-output unpredictability despite previous outputs when the seed is unknown. If the seed becomes known, the argument changes completely; passing a battery of tests does not make seed exposure harmless.
More Physics in Daily Life questions
- In a warm office that already reads 26 C, which change can make people feel cooler without lowering the thermostat?
- Why might 26 C feel acceptable in a breezy naturally ventilated summer building but too warm in a sealed winter office?
- On a warm humid day, why can the same 27 C room feel much worse once you start sweating?
- Why can moving air make a 27 C room feel cooler without changing the thermometer?
- Which hidden factor can make a desk beside a cold window feel chilly even when the thermostat across the room still reads 22 C?
- In the same 22 C room, why might someone who just climbed stairs feel warm while someone sitting in a T-shirt feels chilly?
