[Cryptech Tech] FIPS 140-2 test program
Benedikt Stockebrand
bs at stepladder-it.com
Mon Jul 14 23:59:20 UTC 2014
OK, last one for tonight:
> [rngtest/rng-tools]
> I havent tested it yet. Anybody used it?
Yes, I do. You just want to be aware that it marks about 800ppm of its
input as "failures", which not only makes you jump when you first run it
on anything, but also means it skews whatever it lets through when used
as a filter to seed the Linux kernel CSPRNG.
Anyway, if you use it, expect about these failure rates:
Total: 800ppm
Monobit: 100ppm
Poker: 100ppm
Runs: 300ppm
Long run: 300ppm
Continuous run: too rare to give any reliable numbers
I've only got these numbers by testing large volumes of output from
Linux and FreeBSD /dev/urandom on them, not by analyzing the algorithms,
but it should give you a basic idea.
Generally speaking, rngtest is good to get a quick indication if
something is *really* going wrong, but for a more definite result I
invariably use dieharder (options "-g 201 -f random.data.file -Y 1 -s 1
-k 2 -a"). That said, dieharder is also for PRNGs, not true HWRNGs.
Aside from that, FIPS140-2 in itself is somewhat dubious---they haven't
explained the rationale for the tests, but I traced them back at least
to Knuth's Art of Computer Programming, and they were originally to test
general purpose PRNGs. Neither is there any explanation for the
thresholds defined, and they have removed the tests entirely from the -3
draft, again without any explanation that I know of.
Cheers,
Benedikt
--
Benedikt Stockebrand, Stepladder IT Training+Consulting
Dipl.-Inform. http://www.stepladder-it.com/
Business Grade IPv6 --- Consulting, Training, Projects
BIVBlog---Benedikt's IT Video Blog: http://www.stepladder-it.com/bivblog/
More information about the Tech
mailing list