iOS 7 has weak random number generator. - teawithcarl
http://www.theregister.co.uk/2014/03/16/ios_7_has_weak_random_number_generator

======
CurtMonash
I know little about RNGs -- but wouldn't it be practical to run about 3 RNGs
with different algorithms in parallel, and add their results? Surely that
would be a lot harder to attack than any one RNG.

Ditto if you start with the RNG output and apply even a simple transformation
to it. After all, if you start with a pseudo-random number and apply to it an
isomorphism from the valid number set to itself, you should wind up with
something that's still pseudo-random.
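
An added example (my code, not from any commenter, from Apple, or from the article) working through both ideas in the comment above with a toy 32-bit LCG constructed here: an invertible transform of the output keeps the distribution, but since the transform itself is not secret the next value is exactly as predictable as before; adding an independent CSPRNG word (here `os.urandom`) is the "sum of RNGs" case, which keeps the stream uniform and is the part that actually hides the weak generator. The LCG constants, `ODD_MULT` and the seed are my own choices.

```python
import os
import struct
from collections import Counter

MASK32 = (1 << 32) - 1
MOD32 = 1 << 32

def lcg_next(state: int) -> int:
    """One step of a toy 32-bit LCG (constructed here; deliberately predictable)."""
    return (1664525 * state + 1013904223) & MASK32

def lcg_stream(seed: int, n: int) -> list:
    """n consecutive LCG outputs; each output is also the next internal state."""
    out, x = [], seed & MASK32
    for _ in range(n):
        x = lcg_next(x)
        out.append(x)
    return out

# An odd multiplier is invertible mod 2^32, so this is a bijection on 32-bit values.
ODD_MULT = 0x9E3779B1
INV_MULT = pow(ODD_MULT, -1, MOD32)

def transform(x: int) -> int:
    return (x * ODD_MULT) & MASK32

def untransform(y: int) -> int:
    return (y * INV_MULT) & MASK32

def top_byte_spread(values) -> tuple:
    """(bins used, max/min bin count) of the top byte: about (256, ~1) when uniform."""
    c = Counter(v >> 24 for v in values)
    return len(c), max(c.values()) / min(c.values())

def predict_next(observed_transformed: int) -> int:
    """Given one transformed output and knowledge of the (public) transform,
    predict the next transformed output: invert, step the LCG, re-apply."""
    return transform(lcg_next(untransform(observed_transformed)))

def add_secure_stream(values) -> list:
    """Add an independent CSPRNG word to each value mod 2^32 (the 'sum of RNGs' idea).
    The sum stays uniform, and without the secure stream it cannot be mapped back
    to the LCG state the way the bare transform can."""
    words = struct.unpack(f"<{len(values)}I", os.urandom(4 * len(values)))
    return [(a + b) & MASK32 for a, b in zip(values, words)]

if __name__ == "__main__":
    raw = lcg_stream(12345, 100_000)
    masked = [transform(x) for x in raw]
    print("raw top-byte spread:      ", top_byte_spread(raw))
    print("transformed spread:       ", top_byte_spread(masked))
    print("secure-sum spread:        ", top_byte_spread(add_secure_stream(raw)))
    print("next value predictable:   ", all(predict_next(a) == b for a, b in zip(masked, masked[1:])))
```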

~~~
bmm6o
The old crypto literature has lots of ways of combining RNGs to make better
ones (for some values of "better"). You're generally better off just designing
one with known properties.

~~~
CurtMonash
I was thinking of it as a way of protecting against design flaws. Similarly, I
think -- and Ed Snowden recently said the same thing -- that for max security
one should wrap things in a sequence of different kinds of cryptography.

And by the way, not all parts have to be individually robust.

------
omarforgotpwd
Random numbers don't always need to be cryptographically secure. In situations
like games you might just want to use a function with low resource
requirements.

If you want a cryptographically secure random generation you should use
SecRandomCopyBytes(3) which I think comes from an isolated hardware random
number generator and should be tough to monitor through software.

Disclaimer: I'm not sure if what I'm saying is true