On the "randomness" of DNS

Ben Laurie ben at links.org
Sat Aug 2 17:51:53 EDT 2008


Philipp Gühring wrote:
> Hi,
> 
> I would suggest using http://www.cacert.at/random/ to test the
> randomness of the DNS source ports. Due to the large variety of
> random-number sources that have been tested there already, it's useful
> as a classification service for unknown random-looking numbers.
> You just have to collect 12 MB of numbers from a DNS server and upload
> them there. (If you get 2 bytes per request, that's 6 million requests you
> have to do.)
> 
>>> I don't see the point of evaluating the quality of a random number
>>> generator by statistical tests.
> 
> We successfully used statistical tests to detect broken random number
> generators; we informed the vendors and they fixed them.
> http://www.cacert.at/cgi-bin/rngresults

Are you seriously saying that the entropy of FreeBSD /dev/random is 0?

-- 
http://www.apache-ssl.org/ben.html           http://www.links.org/

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
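
Added example (not part of the thread, and not code from either poster or from cacert.at): a small statistical check over DNS source ports, showing what such a test can catch and what it cannot certify. The port range, bucket count, thresholds, function names and both port samples are assumptions constructed for this illustration.

```python
import random
from collections import Counter

# Assumptions for this example: port range, bucket count and thresholds.
PORT_MIN, PORT_MAX = 1024, 65535
SPAN = PORT_MAX - PORT_MIN + 1          # 64512 ports
BUCKETS = 64                            # 1008 ports per bucket

def chi_square(ports):
    """Pearson chi-square of observed ports against a uniform spread."""
    counts = Counter((p - PORT_MIN) * BUCKETS // SPAN for p in ports)
    expected = len(ports) / BUCKETS
    return sum((counts[b] - expected) ** 2 / expected for b in range(BUCKETS))

def top_delta_share(ports):
    """Share of port-to-port differences taken by the most common difference."""
    deltas = Counter((b - a) % SPAN for a, b in zip(ports, ports[1:]))
    return deltas.most_common(1)[0][1] / (len(ports) - 1)

def looks_random(ports, chi_limit=150.0, delta_limit=0.01):
    """True if both statistics are consistent with uniform, independent ports.
    With 63 degrees of freedom the chi-square statistic averages about 63."""
    return chi_square(ports) < chi_limit and top_delta_share(ports) < delta_limit

def sequential_ports(n, start=0):
    """Constructed sample: a resolver that takes the next port for each query."""
    return [PORT_MIN + (start + i) % SPAN for i in range(n)]

def seeded_prng_ports(n, seed):
    """Constructed sample: Mersenne Twister output from a known seed."""
    rng = random.Random(seed)
    return [rng.randint(PORT_MIN, PORT_MAX) for _ in range(n)]

def demo(n=20000):
    seq = sequential_ports(n, start=5000)
    prng = seeded_prng_ports(n, seed=2008)
    return {
        "sequential_passes": looks_random(seq),
        "seeded_prng_passes": looks_random(prng),
        # Same seed, same ports: the test passed, yet the sequence is reproducible.
        "seeded_prng_reproducible": prng == seeded_prng_ports(n, seed=2008),
    }

if __name__ == "__main__":
    print(demo())
```

A pass from looks_random() means only that no bias was found in the sample; the seeded generator passes while remaining fully reproducible from its seed.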


