Random number generator attack
==Defenses==
* Mix (with, for example, [[xor]]) hardware-generated random numbers with the output of a good-quality [[stream cipher]], as close to the point of use as possible. The stream cipher key or seed should be changeable in a way that can be audited, and should be derived from a trustworthy source, e.g. dice throws. The [[Fortuna (PRNG)|Fortuna]] random number generator is an example of an algorithm which uses this mechanism.
* Generate passwords and [[passphrase]]s using a true random source. Some{{clarify|date=June 2020}} systems select random passwords for the user rather than let users propose their own.
* Use encryption systems that document how they generate random numbers and provide a method to audit the generation process.
* Build security systems with off-the-shelf hardware, preferably purchased in ways that do not reveal its intended use, e.g. off the floor at a large retail establishment. From this perspective, [[sound card]]s and [[webcam]]s may be a better source of randomness than [[Hardware random number generator|hardware made for that purpose]].
* Maintain complete physical control over the hardware after it has been purchased. The hardware should stay in one place or location and need no other transmission to peer-to-peer hardware. Attacks are on the line in the network, not the hardware itself.

Designing a secure random number generator requires at least as high a level of care as designing other elements of a cryptographic system.
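The first defense above, sketched as an added example (not part of the original article and not the Fortuna algorithm): hardware output is XORed with a ChaCha20 keystream whose key is derived from a recorded log of dice throws. The names <code>key_from_dice</code> and <code>MixedRNG</code>, the choice of ChaCha20 and SHA-256, and the use of <code>os.urandom</code> as a stand-in for the hardware generator are assumptions made for illustration.

```python
import hashlib, os, struct

MASK = 0xffffffff

def _rotl(v, n):
    return ((v << n) & MASK) | (v >> (32 - n))

def _qr(s, a, b, c, d):  # ChaCha quarter round (RFC 8439, section 2.1)
    s[a] = (s[a] + s[b]) & MASK; s[d] = _rotl(s[d] ^ s[a], 16)
    s[c] = (s[c] + s[d]) & MASK; s[b] = _rotl(s[b] ^ s[c], 12)
    s[a] = (s[a] + s[b]) & MASK; s[d] = _rotl(s[d] ^ s[a], 8)
    s[c] = (s[c] + s[d]) & MASK; s[b] = _rotl(s[b] ^ s[c], 7)

def chacha20_block(key, counter, nonce):
    """One 64-byte ChaCha20 keystream block (32-byte key, 12-byte nonce)."""
    init = list(struct.unpack("<4I8I", b"expand 32-byte k" + key))
    init += [counter & MASK, *struct.unpack("<3I", nonce)]
    s = init[:]
    for _ in range(10):  # 10 double rounds = 20 rounds
        _qr(s, 0, 4, 8, 12); _qr(s, 1, 5, 9, 13); _qr(s, 2, 6, 10, 14); _qr(s, 3, 7, 11, 15)
        _qr(s, 0, 5, 10, 15); _qr(s, 1, 6, 11, 12); _qr(s, 2, 7, 8, 13); _qr(s, 3, 4, 9, 14)
    return struct.pack("<16I", *((x + y) & MASK for x, y in zip(s, init)))

def key_from_dice(rolls):
    """Derive the cipher key from recorded dice throws (audit by re-hashing the log)."""
    if len(rolls) < 100 or set(rolls) - set("123456"):
        raise ValueError("need at least 100 throws of a six-sided die")  # ~258 bits
    return hashlib.sha256(rolls.encode()).digest()

class MixedRNG:
    """XOR a hardware source with ChaCha20 keystream at the point of use."""
    def __init__(self, key, hw_source=os.urandom, nonce=bytes(12)):
        # os.urandom is only a stand-in here for the hardware generator (assumption).
        self.key, self.hw, self.nonce, self.counter = key, hw_source, nonce, 0

    def read(self, n):
        stream = b""
        while len(stream) < n:  # re-key before the 32-bit block counter wraps
            stream += chacha20_block(self.key, self.counter, self.nonce)
            self.counter += 1
        hw = self.hw(n)
        if len(hw) != n:
            raise RuntimeError("hardware source returned a short read")
        return bytes(h ^ k for h, k in zip(hw, stream))
```

If the hardware source is stuck or subverted, the output degrades to the bare keystream, which still cannot be predicted without the dice-derived key. The same key must never be restarted from counter 0, so a restart needs fresh throws or a persisted counter.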