Is it possible to design a compromised RNG so that it is both Useful to the attacker, in that they gain significant advantage against messages encrypted using this RNG, and Indistinguishable from an honest RNG for everyone else? Or at least as difficult to distinguish as good encryption is to distinguish from noise. Treating the RNG as a black box, so only looking at its output, not auditing its internals.

submitted by /u/tomrlutong