testing - Is it unwise to fuzz-test with a cryptographically weak pseudorandom generator?


While working on a large software project, I often use fuzz testing as part of the tests, to catch bugs that are only shown when the input reaches a certain size. I have most commonly done this using the standard random number features which are bundled with the programming language that I am using.

Recently I started to wonder, ignoring the advantages or disadvantages of fuzz testing, whether it is good to use a non-cryptographically secure pseudorandom number generator while fuzz testing. Weak random number generators often display patterns that separate them from true random sequences, even though those patterns are not clearly obvious. It seems that, using a weak PRNG, a fuzz test may always fail to trigger some hidden bugs which are shown only in some circumstances, because the pseudorandom numbers may be related to each other in a way that does not trigger those situations at any time.

Is it unwise to use a weak PRNG for fuzz testing? If it is theoretically wrong to do this, is it still appropriate?

You are confusing two very different grades of "weakness":

  • Statistical weakness means that the output of the PRNG shows a statistical pattern, such that some sequences occur more frequently than others. This can actually cause ineffective fuzz testing in some rare cases. Statistically strong PRNGs are fair and widely available (most notably the Mersenne Twister).
  • Cryptographic weakness means that the output of the RNG is in some way predictable given knowledge other than the seed (such as the output itself). It does not make any sense to require a PRNG used for fuzz testing to be cryptographically strong, because the "patterns" exhibited by statistically-strong-but-cryptographically-weak PRNGs only matter if you need to stop a cryptographically versed attacker from predicting the output.
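
The first bullet can be seen in a small experiment, added here as an illustration and not part of the original answer. It assumes a constructed weak generator (`LowBitsLCG`, a 32-bit LCG whose low byte is used directly) and a hypothetical function under test, `parse_record`, and compares the weak generator with Python's `random.Random`, which is a Mersenne Twister.

```python
import random

class LowBitsLCG:
    """Constructed statistically weak PRNG: 32-bit LCG, low byte used as output."""
    def __init__(self, seed):
        self.state = seed & 0xFFFFFFFF

    def next_byte(self):
        # Odd multiplier and odd increment modulo 2**32: the lowest bit of the
        # state alternates 0,1,0,1,... for every seed.
        self.state = (1664525 * self.state + 1013904223) & 0xFFFFFFFF
        return self.state & 0xFF

class MersenneTwister:
    """Python's standard generator: statistically strong, not cryptographic."""
    def __init__(self, seed):
        self._rng = random.Random(seed)

    def next_byte(self):
        return self._rng.getrandbits(8)

def parse_record(data):
    """Hypothetical code under test: fails only on two adjacent odd bytes."""
    for a, b in zip(data, data[1:]):
        if a & 1 and b & 1:
            raise ValueError("latent bug reached")
    return len(data)

def fuzz(prng, runs=1000, size=8):
    """Feed `runs` generated inputs to parse_record and count the failures."""
    failures = 0
    for _ in range(runs):
        data = bytes(prng.next_byte() for _ in range(size))
        try:
            parse_record(data)
        except ValueError:
            failures += 1
    return failures

if __name__ == "__main__":
    print("LCG low bytes   :", fuzz(LowBitsLCG(seed=1)), "failures found")
    print("Mersenne Twister:", fuzz(MersenneTwister(seed=1)), "failures found")
```

Neither generator is cryptographically strong; only the statistical defect of the LCG's low bits decides whether the bug is ever reached.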
