RNG quality verification

James A. Donald jamesd at echeque.com
Tue Jan 3 18:28:23 EST 2006

John Kelsey wrote:
 > To assess a cryptographic PRNG, you need to know two things:
 > a.  If it had a starting point or seed which was impossible to
 > guess, would you be able to find any problems with its outputs?
 > b.  Does it get a starting point or seed which is impossible to
 > guess?
 > Assessing (a) is about cryptanalysis; statsitics can help there, but
 > mostly, you're looking at the output from some cryptographic
 > function like SHA1 or AES or 3DES.  Assessing (b) is about data
 > analysis--you're going to look at the sources for seed material, and
 > try to determine what makes them ultimately unpredictable, and to
 > model them somehow.  You can't assess how much entropy some variable
 > has without some kind of probability model for it.

All observables are necessarily theory laden.  Entropy and randomness
are more theory laden than most, so theory laden as to be impossible
to observe directly.  One must study what goes in, not what goes out.

 For any test, ask yourself this:  If the source of "random" numbers
was the current time, hashed with SHA and a sixteen bit fixed code,
would your test show any problem?

         James A. Donald

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com

More information about the cryptography mailing list