Access to random bits is required by almost every security protocol. A common assumption in cryptography is that all parties have access to a perfect random source. Then we can prove that signatures are unforgeable, SSL is secure, and life is good. In practice, the situation is quite different as demonstrated by recent exploits of Debian OpenSSL library, WEP, and Netscape 1.1 keys. This talk will try to bridge the gap between theory and practice. The discussion will include what it means for a number to be “random” and demonstrate how some open source tools, as well as custom tools, can be used to find programs with poor sources of randomness.