diehard versus SHA-1

John S. Denker jsd at monmouth.com
Sat Jun 1 20:13:17 EDT 2002


I wrote:
> >the thermodynamics of electrical circuits, costing
> >next to nothing.  A draft writeup can be found at:
> >  http://www.monmouth.com/~jsd/turbid/paper/turbid.htm


David Honig responded, starting with a quote from that URL:
> 
> ... "-- We check for common gross failures. We consider it
> unnecessary and infeasible to check for uncommon obscure failures."

The quoted passage comes from an appendix which is a "parking 
lot" for half-baked ideas that have NOT been incorporated into the 
draft paper, because they do not meet my standards of clarity and 
precision.  So it is about as out-of-context as anything could 
possibly be.

The passage that actually describes what I believe can be
found in the main part of the paper,
  http://www.monmouth.com/~jsd/turbid/paper/turbid.htm#sec-measurement

(I have just now revised it a bit, so please hit the "reload" 
button on your browser.)

> It isn't that hard to run e.g. the Diehard suite periodically; that checks
> for some fine nuances..

Well, 
 1) I did run Diehard.  Also Maurer's Universal Statistical Test.
They didn't turn up anything.  I would have been very, very
astonished if they had turned up any "nuances".  Gross bugs,
maybe, but not nuances.  Turbid was designed to be "industrial 
strength" -- not sensitive to nuances.

 2) Questions:  What sort of nuances would you expect to see? 
 -- If you suspect a weakness in SHA-1, wouldn't it be better
to attack SHA-1 directly, using standard cryptanalytic techniques,
including chosen inputs, rather than haphazardly probing it with
whatever comes off the data-acquisition system?
 -- If you suspect a problem upstream of SHA-1, why not look
there, where the alleged problem is?  Why not look with a 
test that's appropriate to the problem, rather than obscuring
the problem with SHA-1 and then applying a non-specific test?

3) There are lots of hardware random number generators out there
that seem to be built on the criteria of "Gee, it looks kinda
random to me" or "I can't find any pattern in it using the 
following standard tests".  We strongly deprecate all such
criteria.  Observation and testing can provide an upper bound
to the entropy density, not a lower bound.

Turbid, in contrast, is designed around a lower bound.  The
lower bound is calculated from physics principles, not 
estimated using some statistical test(s).

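An added example, not part of the original post or of Turbid, illustrating points 2 and 3 above: a constructed source with zero entropy (a plain counter) fails a byte-frequency test when examined raw, yet passes it after SHA-1. The counter source, the function names and the simple chi-square test (a stand-in for a suite such as Diehard) are assumptions made for this illustration.

```python
import hashlib
import math
from collections import Counter

BLOCKS = 20000  # constructed sample size

def counter_source(n_blocks):
    """Constructed zero-entropy 'source': consecutive 8-byte counters."""
    return [i.to_bytes(8, "big") for i in range(n_blocks)]

def sha1_condition(blocks):
    """Hash each raw block with SHA-1, as a conditioner placed after the source."""
    return b"".join(hashlib.sha1(b).digest() for b in blocks)

def chi_square_z(data):
    """Byte-frequency chi-square (255 d.o.f.), returned as a z-score."""
    expected = len(data) / 256
    counts = Counter(data)
    chi2 = sum((counts.get(v, 0) - expected) ** 2 / expected for v in range(256))
    return (chi2 - 255) / math.sqrt(2 * 255)

def empirical_bits_per_byte(data):
    """Shannon estimate from observed byte frequencies: an upper bound at best."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def report(n_blocks=BLOCKS):
    raw_blocks = counter_source(n_blocks)
    raw = b"".join(raw_blocks)
    hashed = sha1_condition(raw_blocks)
    return {
        "raw_passes": abs(chi_square_z(raw)) < 5,
        "hashed_passes": abs(chi_square_z(hashed)) < 5,
        "raw_estimate": empirical_bits_per_byte(raw),
        "hashed_estimate": empirical_bits_per_byte(hashed),
        # Anyone who knows the design regenerates the output exactly,
        # so its true entropy is zero whatever the tests say.
        "predictable": sha1_condition(counter_source(n_blocks)) == hashed,
    }

if __name__ == "__main__":
    for key, value in report().items():
        print(key, value)
```

The test applied upstream of SHA-1 exposes the defect at once; the same test applied downstream reports nearly 8 bits per byte for a stream that carries none.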