Linux-style kernel PRNGs and the FIPS140-2 test

Adam Fields fields at surgam.net
Tue Jan 15 19:10:43 EST 2002


"Arnold G. Reinhold" says:
> This result would seem to raise questions about SHA1 and MD5 as much 
> as about the quality of /dev/random and /dev/urandom.  Naively, it 
> should be difficult to create input to these hash functions that 
> cause their output to fail any statistical test.

I would think that this would only be relevant if there was a
correlation between inputs and outputs. Lack of entropic skew across
the bits of the output shouldn't give any clues to the specific input,
unless the outputs are clumping across the output
space. Theoretically, the hash functions ought to be able to output
every bit string in the output space, so you'd realistically expect a
fair number of runs.

You're right - it should be difficult to create inputs to the hash
functions that cause their output to fail a distribution test, but
doing so casts doubt on the randomness of the inputs, not the
distribution space of the hash.

At least I think that's right - it's been a while since I've thought
about this.
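As an added illustration, not part of the original message or of any kernel code: the four FIPS 140-2 power-up tests (monobit, poker, runs, long run) run over 20,000 bits, first on SHA-1 applied to a plain counter under a fixed seed, then on the raw counter bits. The hashed stream passes and the raw stream fails, which is the point above: the tests judge the output distribution and say nothing about how much entropy went into the hash. The thresholds are the FIPS 140-2 (2001) values as I recall them and are marked as an assumption in the code; the seed is a constructed value.

```python
import hashlib
# FIPS 140-2 (2001) thresholds for the power-up tests on a 20,000-bit
# sample, from memory; assumed correct, verify against the standard.
MONOBIT = (9725, 10275)  # exclusive bounds on the count of ones
POKER = (2.16, 46.17)    # exclusive bounds on the poker statistic
RUNS = {1: (2343, 2657), 2: (1135, 1365), 3: (542, 708),
        4: (251, 373), 5: (111, 201), 6: (111, 201)}  # 6 = "6 or more"
LONG_RUN = 26            # a run this long or longer fails
N = 20000

def bits_of(data: bytes) -> list:
    """Expand bytes into a list of bits, most significant bit first."""
    return [(b >> i) & 1 for b in data for i in range(7, -1, -1)]

def fips140_2(bits: list) -> dict:
    """Pass/fail of the four tests over exactly 20,000 bits."""
    ones = sum(bits)
    # Poker test: frequencies of the 16 nibble values over 5000 nibbles.
    freq = [0] * 16
    for i in range(0, N, 4):
        freq[bits[i] << 3 | bits[i+1] << 2 | bits[i+2] << 1 | bits[i+3]] += 1
    poker = 16 / 5000 * sum(f * f for f in freq) - 5000
    # Runs test: count maximal runs of zeros and of ones by length (6+ lumped).
    runs = {0: dict.fromkeys(RUNS, 0), 1: dict.fromkeys(RUNS, 0)}
    longest = length = 1
    for i in range(1, N + 1):
        if i < N and bits[i] == bits[i - 1]:
            length += 1
        else:  # the run ending at bits[i-1] is complete
            runs[bits[i - 1]][min(length, 6)] += 1
            longest = max(longest, length)
            length = 1
    return {
        "monobit": MONOBIT[0] < ones < MONOBIT[1],
        "poker": POKER[0] < poker < POKER[1],
        "runs": all(lo <= runs[v][k] <= hi
                    for v in (0, 1) for k, (lo, hi) in RUNS.items()),
        "long_run": longest < LONG_RUN,
    }

def sha1_stream(seed: bytes, nbits: int = N) -> list:
    """Hash a counter under a fixed seed, like a hash-based PRNG output stage."""
    out = b"".join(hashlib.sha1(seed + c.to_bytes(4, "big")).digest()
                   for c in range(nbits // 160 + 1))
    return bits_of(out)[:nbits]

def raw_counter_stream(nbits: int = N) -> list:
    """The same low-entropy counter with no hash in front of it (constructed)."""
    out = b"".join(c.to_bytes(4, "big") for c in range(nbits // 32 + 1))
    return bits_of(out)[:nbits]
```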



---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com



