[Cryptography] Dieharder & /dev/urandom
Michel Arboi
michel.arboi at gmail.com
Wed May 15 08:27:03 EDT 2019
Le mer. 15 mai 2019 à 06:24, Sidney Markowitz <sidney at sidney.com> a écrit :
> One important point of the article is that a result of PASSED does not mean
> that the RNG has passed a test, it means that it has with high probability not
> failed; a result of FAILED means that it has with high probability failed; and
> a result of WEAK indicates uncertainty in the results, not that the RNG is
> close to passing or close to failing a test. WEAK is an indication that you
> need to make the test stronger (e.g. with more p samples) until the
> uncertainty is resolved one way or another. The article is a demonstration of
> how to do that.
So I should run the tests in "resolve ambiguity" mode, like this?
dieharder -a -g 501 -k 2 -Y 1
man dieharder says:
-k ks_flag - ks_flag
0 is fast but slightly sloppy for psamples > 4999 (default).
1 is MUCH slower but more accurate for larger numbers of psam‐
ples.
2 is slower still, but (we hope) accurate to machine precision
for any number of psamples up to some as yet unknown numerical
upper limit (it has been tested out to at least hundreds of
thousands).
3 is kuiper ks, fast, quite inaccurate for small samples, depre‐
cated.
-Y Xtrategy - the Xtrategy flag controls the new "test to failure"
(T2F)
modes. These flags and their modes act as follows:
0 - just run dieharder with the specified number of tsamples
and psamples, do not dynamically modify a run based on results.
This is the way it has always run, and is the default.
1 - "resolve ambiguity" (RA) mode. If a test returns "weak",
this is an undesired result. What does that mean, after all?
If you run a long test series, you will see occasional weak
returns for a perfect generators because p is uniformly distrib‐
uted and will appear in any finite interval from time to time.
Even if a test run returns more than one weak result, you cannot
be certain that the generator is failing. RA mode adds psamples
(usually in blocks of 100) until the test result ends up solidly
not weak or proceeds to unambiguous failure. This is morally
equivalent to running the test several times to see if a weak
result is reproducible, but eliminates the bias of personal
judgement in the process since the default failure threshold is
very small and very unlikely to be reached by random chance even
in many runs.
This option should only be used with -k 2.
More information about the cryptography
mailing list