Linux-style kernel PRNGs and the FIPS140-2 test
clenahan at fortresstech.com
clenahan at fortresstech.com
Tue Jan 15 18:00:21 EST 2002
At 03:23 PM 1/15/2002 -0500, Thor Lancelot Simon wrote:
>Many operating systems use "Linux-style" (environmental noise
>stirred with a hash function) generators to provide "random"
>and pseudorandom data on /dev/random and /dev/urandom
>respectively. A few modify the general Linux design by adding an
>output buffer which is not stirred so that bits which have already
>been output are not stirred into the pool of "new" "random" data
>(IMO, not doing this is insane, but that's a different subject).
>
>The enclosed implementation of the FIPS140-1/2 statistical test
>appears to show that such generators fail the "runs" test quite
>regularly. Interestingly, the Linux generator seems to do better
>the longer you let it run (which, perhaps, suggests that quite a
>bit of data should be run through it at boot time and discarded)
>but other, related generators do not.
>
>The usual failure mode is "too many runs of 1 1s". Using MD5
>instead of SHA1 as the mixing function, the Linux generator
>also displays "too many runs of 1 0s". I have not yet seen
>other failure modes from these generators.
>
>To reproduce my results, just compile the enclosed and do
>"a.out < /dev/urandom" on your platform of choice.
>
>Thor
>
What happens when you do it to /dev/random?
My understanding was that /dev/random while on return data if it
has enough entrophy , otherwise it blocks. /dev/urandom will get its
values from /dev/random until it blocks then it continues by output psuedo
garbage.
The use of /dev/urandom is for non-cryptographic stuff that can't block
on it's reads, like a read to /dev/random would.
Plus, shouldn't you only be using it as a seed to a Yarrow or a FIPS PRNG
like X917?
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com
More information about the cryptography
mailing list