RNG quality verification

James A. Donald jamesd at echeque.com
Tue Jan 3 18:28:23 EST 2006


    --
John Kelsey wrote:
 > To assess a cryptographic PRNG, you need to know two things:
 >
 > a.  If it had a starting point or seed which was impossible to
 > guess, would you be able to find any problems with its outputs?
 >
 > b.  Does it get a starting point or seed which is impossible to
 > guess?
 >
 > Assessing (a) is about cryptanalysis; statistics can help there, but
 > mostly, you're looking at the output from some cryptographic
 > function like SHA1 or AES or 3DES.  Assessing (b) is about data
 > analysis--you're going to look at the sources for seed material, and
 > try to determine what makes them ultimately unpredictable, and to
 > model them somehow.  You can't assess how much entropy some variable
 > has without some kind of probability model for it.

All observables are necessarily theory laden.  Entropy and randomness
are more theory laden than most, so theory laden as to be impossible
to observe directly.  One must study what goes in, not what goes out.

For any test, ask yourself this:  If the source of "random" numbers
was the current time, hashed with SHA and a sixteen bit fixed code,
would your test show any problem?

    --digsig
         James A. Donald
     6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
     KU60aORMS6eP2TWG+XjML/Cp7egySzT8UZW/n9Zo
     40TzrkMfMK52cZ0Rdu5DMlo9ngx84PkNXCHQrnXQ+
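
The thought experiment above, worked as an added example that is not part of the original message: a generator built from the current time and a sixteen-bit fixed code passes output-side statistics, while a model of its inputs shows how little is unknown. The choice of SHA-1, the byte layout, the counter, the function names and the sample values are all assumptions made for the illustration.

```python
import hashlib, math, struct

def weak_rng(t, code, nbytes):
    """Constructed weak generator: SHA-1(time || 16-bit code || counter)."""
    seed = struct.pack(">QH", t, code)
    out, ctr = b"", 0
    while len(out) < nbytes:
        out += hashlib.sha1(seed + struct.pack(">I", ctr)).digest()
        ctr += 1
    return out[:nbytes]

def monobit_z(data):
    """Output-side test: z-score of the number of 1 bits."""
    n = len(data) * 8
    ones = sum(bin(b).count("1") for b in data)
    return (ones - n / 2) / math.sqrt(n / 4)

def byte_chi2(data):
    """Output-side test: chi-square over byte values (255 degrees of freedom)."""
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    expected = len(data) / 256
    return sum((c - expected) ** 2 / expected for c in counts)

def seed_space_bits(time_window_s):
    """Input-side model: candidate seconds times 2^16 fixed codes, in bits."""
    return math.log2(time_window_s * 2 ** 16)

def recover_seed(sample, t_lo, t_hi):
    """Enumerate the modelled inputs until the observed output is reproduced."""
    for t in range(t_lo, t_hi + 1):
        for code in range(2 ** 16):
            if weak_rng(t, code, len(sample)) == sample:
                return t, code
    return None

# Constructed sample values: a Unix timestamp and an arbitrary fixed code.
T, CODE = 1136330903, 0xBEEF
stream = weak_rng(T, CODE, 1 << 16)

if __name__ == "__main__":
    print("monobit z      :", round(monobit_z(stream), 2))
    print("byte chi-square:", round(byte_chi2(stream), 1))
    print("unknown bits if the hour is known:", round(seed_space_bits(3600), 1))
    print("inputs reproduced:", recover_seed(stream[:20], T - 1, T + 1))
```

Both statistics land where a good source would, yet the input model puts the unknown at under 28 bits when the hour of generation is known.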

