Re: Analysis of /dev/random


David Honig (honig@sprynet.com)
Fri, 09 Apr 1999 07:34:07 -0700


At 01:23 PM 4/9/99, Peter Gutmann wrote:
>>I just generated some raw binary files with my BSD 3.0 (Walnut Creek)
>>/dev/random and then ran Maurer's Universal Statistical Test (blocksize=8
>>bits) on the result. MUST measured ~7.19 reliably on several independent
>>runs.
>>This is the expected value for a uniformly distributed random sample.
>>
>>BSD's /dev/random is good.
>
>ITYM "Anything hashed with SHA-1 will pass a statistical test". You could
>have started it with a hardcoded, all-zero seed value and it'd still pass the
>test. A better way to measure the effectiveness of entropy-gathering PRNG's
>is given in my 1998 Usenix security symposium paper,
>http://www.cs.auckland.ac.nz/~pgut001/pubs/random.pdf.
>
>Peter.

Absolutely a PRNG will pass (both MUST and Diehard) with flying colors.
If I hadn't looked at /usr/src/sys/i386/isa/random_machdep.c, I wouldn't
be able to tell the origin of the bits, and could be easily fooled.
(BTW, Ts'o used MD5 in the BSD routines..)

*Given* a physical source to start with, MUST is great for finding
appropriate levels of distillation. For instance, start with
FM hiss or radioactive decays, both are normally distributed.
As you increase the distillation (e.g., N in parity-of-N) of the
raw data, you will see MUST asymptote to its maximal value, as they
become uniformly distributed. (I've done these xpts).

I know of *no* way to distinguish a black box true RNG from a PRNG in
a finite amount of time. You have to get inside it.

In the BSD routines, various system interrupt times are logged;
pairs of intra-interrupt delays yield bits depending on interval comparisons.

DH
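
Added example, not part of the original message: a sketch of both points in the exchange above, showing that a SHA-1 stream built from an all-zero seed scores at the uniform expectation on Maurer's test (blocksize 8 bits), and that parity-of-N distillation of a biased source climbs toward the same value. The SHA-1 counter construction and the biased-bit source are constructed stand-ins and are not the BSD /dev/random code.

```python
# Added illustration; the generators below are constructed stand-ins, not BSD's code.
import hashlib, math, random

Q = 10 * 2**8            # initialization blocks for 8-bit blocks
EXPECTED = 7.1836656     # Maurer's expected statistic for uniform 8-bit blocks

def maurer(data: bytes) -> float:
    """Mean log2 distance to each byte's previous occurrence (blocksize = 8 bits)."""
    last = [0] * 256
    for i, b in enumerate(data[:Q], 1):
        last[b] = i
    total = 0.0
    for i, b in enumerate(data[Q:], Q + 1):
        total += math.log2(i - last[b])
        last[b] = i
    return total / (len(data) - Q)

def sha1_stream(nbytes: int, seed: bytes = bytes(20)) -> bytes:
    """Hash a fixed all-zero seed plus a counter: zero entropy, uniform-looking output."""
    out = bytearray()
    counter = 0
    while len(out) < nbytes:
        out += hashlib.sha1(seed + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:nbytes])

def biased_bits(nbits, p_one=0.75, seed=1999):
    """Constructed stand-in for a raw physical source: independent bits, P(1) = 0.75."""
    rng = random.Random(seed)
    return [int(rng.random() < p_one) for _ in range(nbits)]

def parity_of_n(bits, n: int) -> bytes:
    """Distill: XOR each run of n raw bits into one output bit, pack 8 per byte."""
    out_bits = [sum(bits[i:i + n]) & 1 for i in range(0, len(bits) - n + 1, n)]
    out = bytearray()
    for i in range(0, len(out_bits) - 7, 8):
        byte = 0
        for bit in out_bits[i:i + 8]:
            byte = (byte << 1) | bit
        out.append(byte)
    return bytes(out)

def distilled(n: int, nbytes: int = 20000) -> bytes:
    return parity_of_n(biased_bits(nbytes * 8 * n), n)

if __name__ == "__main__":
    print(f"expected for uniform data: {EXPECTED:.4f}")
    print(f"SHA-1 of all-zero seed:    {maurer(sha1_stream(100_000)):.4f}")
    for n in (1, 2, 4, 8):
        print(f"parity-of-{n} of biased bits: {maurer(distilled(n)):.4f}")
```
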

  



The following archive was created by hippie-mail 7.98617-22 on Thu May 27 1999 - 23:44:21