Re: Intel announcements at RSA '99


David Honig (honig@sprynet.com)
Fri, 22 Jan 1999 09:19:48 -0800


At 06:01 PM 1/22/99 +0100, Mok-Kong Shen wrote:
>David Honig wrote:
>>
>> At 11:42 AM 1/22/99 +0100, Mok-Kong Shen wrote:
>> >one wants to be more certain. BTW, I suppose that it is always
>> >a good idea to mix the output of a hardware RNG with that of a
>> >software PRNG.
>> >
>> >M. K. Shen
>>
>> Hmm. This must be done correctly; otherwise the PRNG can introduce
>> structure into the output stream. Remember that an RNG conditioning
>> algorithm, unlike a PRNG, does *not* appear random by itself, and will
>> never fool a random-test, whereas a PRNG may. Because the PRNG can hide
>> an RNG failure, this might be a bad idea.
>
>I hope you would kindly explain a bit of what you mean by 'hide a
>failure'.

Will do.

You've got a random source, say the clicks/sec from a Geiger counter.
You will need to 'distill' this; let's say you use a simple conditioner,
parity. Now let's say your Geiger counter dies. Any randomness test
will see this failure of your entropy source.

Now suppose you have a good PRNG, which can pass your randomness test
all by itself, with no input. Then if you mix this with your Geiger
data, and your Geiger tube dies, this will NOT show up in your randomness
test.

> suppose if something is hidden and can't be detected by
>all means available,

If something is hidden and can't be detected at all, you can start a religion
about it, but it's rude to talk about in public :-)

> BTW, which tests to use is
>itself a debatable issue in practice, I am afraid.

Yes, you need an infinity of tests. But it *is* possible to
say that if samples repeatedly fail some test for structure, the generator
isn't random. The problem is identifying that structure.

But it's not easy to get through Marsaglia's
Diehard suite, and Maurer's entropy metric is useful too.
(If you get through Diehard you'll pass the relevant part of the
relevant FIPS.) Know any others?
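
The masking effect described in the message above, as an added example that is not part of the original post. Assumptions: the Geiger source is simulated (constructed data), "parity" is taken as the low bit of each click count, the "good PRNG" is Python's `random` module, the mix is a plain XOR, and the randomness test is a crude ones-fraction check.

```python
import random

def geiger_counts(n, dies_at, rng):
    """Constructed stand-in for clicks/sec; reads 0 forever once the tube dies."""
    return [rng.randrange(40) if i < dies_at else 0 for i in range(n)]

def parity(counts):
    """Simple conditioner (assumed form): one bit per sample, the count's low bit."""
    return [c & 1 for c in counts]

def prng_bits(n, seed):
    """Stand-in for a 'good PRNG' that passes the test with no input at all."""
    g = random.Random(seed)
    return [g.getrandbits(1) for _ in range(n)]

def passes_monobit(bits, tolerance=0.05):
    """Crude randomness test: the fraction of ones must be close to 1/2."""
    return abs(sum(bits) / len(bits) - 0.5) <= tolerance

def run_demo(n=20000, dies_at=10000):
    """Test both streams before and after the simulated tube failure."""
    counts = geiger_counts(n, dies_at, random.Random(1999))
    conditioned = parity(counts)
    # XOR-mix the conditioned source bits with the PRNG stream.
    mixed = [a ^ b for a, b in zip(conditioned, prng_bits(n, seed=42))]
    before, after = slice(0, dies_at), slice(dies_at, n)
    return {
        "conditioned_before": passes_monobit(conditioned[before]),
        "conditioned_after": passes_monobit(conditioned[after]),
        "mixed_before": passes_monobit(mixed[before]),
        "mixed_after": passes_monobit(mixed[after]),
    }

if __name__ == "__main__":
    for name, ok in run_demo().items():
        print(f"{name:20s} {'pass' if ok else 'FAIL'}")
```

Only the conditioned stream fails after the tube dies; the mixed stream keeps passing although it then carries PRNG output alone, so a health test has to run on the source side of the mixer.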

  



The following archive was created by hippie-mail 7.98617-22 on Sat Apr 10 1999 - 01:18:04