Learn More
Resend Email
3
Wisecrack
4y

In android 7.1, I've seen a lot of conflicting reports about crypto security.

If I do something like the following in the default android 7.1 browser...

var array = new Uint32Array(n);
window.crypto.getRandomValues(array);

How secure would the resulting numbers be overall? I'm asking because I've seen a lot of articles talking about it, but they never specifically mention the default 7.1 android *browser* and what or how it obtains secure random numbers. They only ever talk about the api, sdk, and developers working in java.

question

android

java

crypto

nougat

javascript

android 7.1
Favorite
Ranter
Comments
  • 1
    4y
    Considering the whole premise of 'crypto' module being random values suitable for cryptography, they probably should be taken from the same sources as system crypto values.

    That's just an assumption though.
  • 0
    4y
    @iiii someone suggested doing a chi squared test on the numbers but im not familiar with how to.
  • 2
    4y
    I figured out how to to chi square testing in python and tested it.

    Apparently 'secure' number generation on android 7.1 is completely broken dogshit.

    Imagine my surprise.
  • 2
    4y
    @Wisecrack *pikachu face.jpg*
Related Rants
devRant © 2021 Hexical Labs LLC
Privacy Policy  |  Terms of Service
Add Comment