[Cryptography] While we're on 'Randomness' again....

Ray Dillinger bear at sonic.net
Tue Dec 27 15:30:01 EST 2016


Worthy of note:  The 'dieharder' battery of tests for the statistical
properties of streams of bits is often used to reject any pseudorandom
sequence generator that shows detectable patterns in output.

It can also be used as a rejection test of any encryption or hashing
algorithm anyone comes up with.  Proper cryptographic output of any kind
is indistinguishable from random bits.  So if the output fails
dieharder, then it most definitely is not secure encryption.  This alone
is sufficient to demonstrate a problem with (or as a guide to where to
start cryptanalyzing) most kinds of homebrew cryptographic algorithms.

But things like the Mersenne Twister pass dieharder, and while it's fine
for simulations etc., it most definitely is not a secure source of bits
for cryptographic purposes. In fact, as a GFSR, I find the fact of it
passing at all to be counterintuitive and somewhat amazing.

Acceptance tests, both for cryptographic primitives and for supposed
sources of unbiased bits, are effectively impossible to come up with,
for reasons we've been talking about.

				Bear
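The point above, that a generator can pass every statistical battery and still be useless for cryptography, can be checked directly for the Mersenne Twister: MT19937's 624-word state is fully determined by 624 consecutive 32-bit outputs, because the output "tempering" is an invertible bijection. The example below is added here and is not part of the post; it uses Python's `random` module (whose core generator is MT19937) as the generator under test, inverts the tempering, and predicts the generator's subsequent outputs. Function names and the seed are assumptions of the example.

```python
import random

MASK32 = 0xFFFFFFFF


def undo_rshift_xor(y, shift):
    """Invert y = x ^ (x >> shift) for a 32-bit x (each pass fixes 'shift' more bits)."""
    x = y
    for _ in range(32 // shift + 1):
        x = y ^ (x >> shift)
    return x


def undo_lshift_xor_and(y, shift, mask):
    """Invert y = x ^ ((x << shift) & mask) for a 32-bit x."""
    x = y
    for _ in range(32 // shift + 1):
        x = y ^ ((x << shift) & mask)
    return x & MASK32


def untemper(y):
    """Recover the raw MT19937 state word from one tempered 32-bit output.
    The tempering steps are undone in reverse order with their standard constants."""
    y = undo_rshift_xor(y, 18)
    y = undo_lshift_xor_and(y, 15, 0xEFC60000)
    y = undo_lshift_xor_and(y, 7, 0x9D2C5680)
    y = undo_rshift_xor(y, 11)
    return y


def clone_mt19937(outputs):
    """Build a generator whose future outputs match the one that produced 'outputs'.
    Any 624 consecutive raw 32-bit outputs suffice; the recurrence is a sliding window."""
    if len(outputs) != 624:
        raise ValueError("need exactly 624 consecutive 32-bit outputs")
    state = tuple(untemper(o) for o in outputs)
    clone = random.Random()
    # CPython state tuple: (version 3, 624 state words + index, gauss_next).
    # Index 624 marks the block as exhausted, so the next call runs the twist.
    clone.setstate((3, state + (624,), None))
    return clone


def predict(seed, n):
    """Observe 624 outputs of a seeded MT19937 (constructed here), then predict the
    next n. Returns (predicted, actual) so the caller can compare them."""
    source = random.Random(seed)
    observed = [source.getrandbits(32) for _ in range(624)]  # getrandbits(32) == one raw word
    clone = clone_mt19937(observed)
    predicted = [clone.getrandbits(32) for _ in range(n)]
    actual = [source.getrandbits(32) for _ in range(n)]
    return predicted, actual


if __name__ == "__main__":
    p, a = predict(2016, 5)
    print("predicted:", p)
    print("actual:   ", a)
    print("match:", p == a)
```

A generator for which this kind of state recovery is feasible fails as a cryptographic source no matter how clean its dieharder report looks; dieharder is a rejection test, not an acceptance test.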

