[Cryptography] Dieharder & symmetric cryptosystems

Richard T. Carback III rick at carback.us
Fri Mar 18 10:30:55 EDT 2022


> On Mar 16, 2022, at 12:41 PM, Ray Dillinger <bear at sonic.net> wrote:
>
> On 3/14/22 23:24, Ray Dillinger wrote:
>> If WEAK results on a particular test are persistent across several
>> different runs and regardless of whether we increase the sample size,
>> then that's something that has to be fixed.
>
> I have found a genuine problem here but first, I don't think it's the
> same one that OP intended to report, and second, I assess it as a
> problem with Dieharder not a problem with /dev/urandom.  I've pasted a
> repeated test (specifically test 201, the 'rgb_minimum_distance' test)
> against /dev/urandom input.  As you can see, '/dev/urandom' fails every
> time.

I concur that the issue is with the tests... all of the recent changes are net-positive from a cryptanalysis security perspective (unless, of course, there’s a bug).

For context — As of late 2021, the new kernel maintainer in charge of this part of the codebase is Jason A. Donenfeld, who is best known for WireGuard:

https://buttondown.email/cryptography-dispatches/archive/cryptography-dispatches-the-linux-csprng-is-now/

There are more significant changes coming out as well which will make /dev/random equivalent to /dev/urandom unless you use an insecure flag, and Jason’s writeup on that is here: https://www.zx2c4.com/projects/linux-rng-5.17-5.18/
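The reasoning in the quoted text (a verdict that persists across repeated runs and across sample sizes points to a systematic defect, here in the test rather than in the generator) can be shown with dieharder's own verdict mechanism: each test is run psamples times and the resulting p-values are checked for uniformity with a Kolmogorov-Smirnov test. The block below is an added example, not code from this thread or from dieharder itself; it assumes dieharder's default WEAK/FAILED thresholds, uses an asymptotic KS p-value rather than dieharder's own routine, and feeds constructed p-value streams instead of real test output.

```python
import math
import random

# dieharder's default verdict thresholds (assumption: its Xweak / Xfail defaults)
X_WEAK = 0.005
X_FAIL = 0.000001


def ks_uniform(pvals):
    """One-sample Kolmogorov-Smirnov test of pvals against Uniform(0,1); returns (D, p).
    Asymptotic Kolmogorov series with Stephens' small-sample correction (an
    approximation written for this example, not dieharder's kstest routine)."""
    xs = sorted(pvals)
    n = len(xs)
    d = 0.0
    for i, x in enumerate(xs, start=1):
        d = max(d, i / n - x, x - (i - 1) / n)
    lam = (math.sqrt(n) + 0.12 + 0.11 / math.sqrt(n)) * d
    q = 0.0
    for k in range(1, 1000):  # Q(lam) = 2 * sum_k (-1)^(k-1) exp(-2 k^2 lam^2)
        term = 2.0 * (-1) ** (k - 1) * math.exp(-2.0 * k * k * lam * lam)
        q += term
        if abs(term) < 1e-12:
            break
    return d, min(max(q, 0.0), 1.0)


def assess(pvals):
    """Collapse a run's per-sample p-values into dieharder's PASSED / WEAK / FAILED verdict."""
    _, p = ks_uniform(pvals)
    if p < X_FAIL or p > 1.0 - X_FAIL:
        return "FAILED"
    if p < X_WEAK or p > 1.0 - X_WEAK:
        return "WEAK"
    return "PASSED"


def simulate(psamples, broken, seed=1):
    """Constructed stand-in for a test's per-sample p-values (not real dieharder output).
    A calibrated test emits Uniform(0,1) p-values; the 'broken' test is biased toward
    small p-values, a defect that more samples only make more visible."""
    rng = random.Random(seed)
    return [rng.random() ** 3 if broken else rng.random() for _ in range(psamples)]


if __name__ == "__main__":
    for psamples in (100, 1000, 10000):
        print(psamples, "healthy:", assess(simulate(psamples, False)),
              "broken:", assess(simulate(psamples, True)))
```

Raising psamples never rescues the biased test, which is exactly the signature that separates a miscalibrated test from ordinary sampling noise.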