Welcome to the Internet, here's your private key
Greg Rose
ggr at qualcomm.com
Wed Feb 6 14:56:36 EST 2002
At 05:55 AM 2/7/2002 +1300, Peter Gutmann wrote:
>Greg Rose <ggr at qualcomm.com> writes:
>
> >While priming the RC4 table, I accidentally filled the data buffer instead
> >(D'oh!) with consecutive byte values 0x00, 0x01, ... 0xFF, 0x00, ...
> >
> >This very much passes the FIPS 140 tests for randomness, despite being
> >nothing like it:
>
>A generic order-0 entropy estimator (think Huffman coder) will pass this,
>because each symbol occurs with equal probability. The reason this is a
>problem is because any introductory information theory text will give the
>standard formula for entropy estimation (H = -sum(prob(x) * log(prob(x))))
>and
>users will either stop reading there or the text won't go any further.
But it is interesting that, had the FIPS test worked on a multiple of 256
bytes, it would have caught it, because it uses a two-sided ChiSquare test.
In other words, perfect frequency distribution (of nybbles) is also
something it will reject... but it wasn't perfect because a sequence
stopped early.
Greg.
Greg Rose INTERNET: ggr at qualcomm.com
Qualcomm Australia VOICE: +61-2-9817 4188 FAX: +61-2-9817 5199
Level 3, 230 Victoria Road, http://people.qualcomm.com/ggr/
Gladesville NSW 2111 232B EC8F 44C6 C853 D68F E107 E6BF CD2F 1081 A37C
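
Added example, not part of the original message or of any FIPS reference code: the poker and monobit tests run over the counter-filled buffer described in the thread, at the standard 20,000 bits and at a hypothetical multiple of 256 bytes. The intervals are the FIPS 140-1 ones; applying the poker interval unchanged to the 2560-byte case is an assumption, and the function names and sample buffers are constructed for illustration.

```python
import math
from collections import Counter

# FIPS 140-1 acceptance intervals. Both are two-sided, so a poker statistic
# that is too small (frequencies too even) is rejected as well.
POKER_LOW, POKER_HIGH = 1.03, 57.4
MONOBIT_LOW, MONOBIT_HIGH = 9654, 10346  # count of one bits in 20,000 bits


def counter_bytes(n):
    """Constructed sample: the mis-filled buffer 0x00, 0x01, ... 0xFF, 0x00, ..."""
    return bytes(i & 0xFF for i in range(n))


def poker_statistic(data):
    """X = (16/n) * sum(f_i^2) - n over the n 4-bit segments of data."""
    counts = Counter()
    for b in data:
        counts[b >> 4] += 1
        counts[b & 0x0F] += 1
    n = 2 * len(data)
    return 16 * sum(c * c for c in counts.values()) / n - n


def poker_passes(data):
    return POKER_LOW < poker_statistic(data) < POKER_HIGH


def monobit_passes(data):
    ones = sum(bin(b).count("1") for b in data)
    return MONOBIT_LOW < ones < MONOBIT_HIGH


def order0_entropy(data):
    """Order-0 estimate in bits per byte: H = -sum(p(x) * log2(p(x)))."""
    total = len(data)
    return -sum(c / total * math.log2(c / total) for c in Counter(data).values())


if __name__ == "__main__":
    for size in (2500, 2560):  # 20,000 bits, then a multiple of 256 bytes
        buf = counter_bytes(size)
        print(size, "bytes: X =", round(poker_statistic(buf), 3),
              "poker pass =", poker_passes(buf),
              "H =", round(order0_entropy(buf), 4))
```

At 2500 bytes the last counter cycle is cut short, which leaves the nybble counts uneven enough to land inside the interval; at 2560 bytes every nybble count is equal and the statistic drops to zero, below the lower bound.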