3
Wisecrack
28d

In android 7.1, I've seen a lot of conflicting reports about crypto security.

If I do something like the following in the default android 7.1 browser...

var array = new Uint32Array(n);
window.crypto.getRandomValues(array);

How secure would the resulting numbers be overall? I'm asking because I've seen a lot of articles talking about it, but they never specifically mention the default 7.1 android *browser* and what or how it obtains secure random numbers. They only ever talk about the api, sdk, and developers working in java.

Comments
  • 2
    Considering the whole premise of 'crypto' module being random values suitable for cryptography, they probably should be taken from the same sources as system crypto values.

    That's just an assumption though.
  • 1
    @iiii someone suggested doing a chi squared test on the numbers but im not familiar with how to.
  • 2
    I figured out how to to chi square testing in python and tested it.

    Apparently 'secure' number generation on android 7.1 is completely broken dogshit.

    Imagine my surprise.
  • 2
    @Wisecrack *pikachu face.jpg*
Add Comment