[Cryptography] Dieharder & /dev/urandom

Michel Arboi michel.arboi at gmail.com
Wed May 15 08:27:03 EDT 2019


Le mer. 15 mai 2019 à 06:24, Sidney Markowitz <sidney at sidney.com> a écrit :

> One important point of the article is that a result of PASSED does not mean
> that the RNG has passed a test, it means that it has with high probability not
> failed; a result of FAILED means that it has with high probability failed; and
> a result of WEAK indicates uncertainty in the results, not that the RNG is
> close to passing or close to failing a test. WEAK is an indication that you
> need to make the test stronger (e.g. with more p samples) until the
> uncertainty is resolved one way or another. The article is a demonstration of
> how to do that.


So I should run the tests in "resolve ambiguity" mode, like this?
dieharder -a -g 501 -k 2 -Y 1


man dieharder says:

       -k ks_flag - ks_flag

              0 is fast but slightly sloppy for psamples > 4999 (default).

              1 is MUCH slower but more accurate for larger numbers  of  psam‐
              ples.

              2  is  slower still, but (we hope) accurate to machine precision
              for any number of psamples up to some as yet  unknown  numerical
              upper  limit  (it  has  been  tested out to at least hundreds of
              thousands).

              3 is kuiper ks, fast, quite inaccurate for small samples, depre‐
              cated.

       -Y Xtrategy - the Xtrategy flag controls  the  new  "test  to  failure"
       (T2F)
              modes.  These flags and their modes act as follows:

                0  -  just run dieharder with the specified number of tsamples
              and psamples, do not dynamically modify a run based on  results.
              This is the way it has always run, and is the default.

                1  - "resolve ambiguity" (RA) mode.  If a test returns "weak",
              this is an undesired result.  What does that  mean,  after  all?
              If  you  run  a  long  test series, you will see occasional weak
              returns for a perfect generators because p is uniformly distrib‐
              uted  and  will appear in any finite interval from time to time.
              Even if a test run returns more than one weak result, you cannot
              be certain that the generator is failing.  RA mode adds psamples
              (usually in blocks of 100) until the test result ends up solidly
              not  weak  or  proceeds to unambiguous failure.  This is morally
              equivalent to running the test several times to see  if  a  weak
              result  is  reproducible,  but  eliminates  the bias of personal
              judgement in the process since the default failure threshold  is
              very small and very unlikely to be reached by random chance even
              in many runs.

              This option should only be used with -k 2.


More information about the cryptography mailing list