[Cryptech Tech] FIPS 140-2 test program

Benedikt Stockebrand bs at stepladder-it.com
Mon Jul 14 23:59:20 UTC 2014


OK, last one for tonight:

> [rngtest/rng-tools]
> I haven't tested it yet. Anybody used it?

Yes, I do.  You just want to be aware that it marks about 800ppm of its
input as "failures", which not only makes you jump when you first run it
on anything, but also means it skews whatever it lets through when used
as a filter to seed the Linux kernel CSPRNG.

Anyway, if you use it, expect about these failure rates:

  Total:           800ppm
  Monobit:         100ppm
  Poker:           100ppm
  Runs:            300ppm
  Long run:        300ppm
  Continuous run:  too rare to give any reliable numbers

I've only got these numbers by testing large volumes of output from
Linux and FreeBSD /dev/urandom on them, not by analyzing the algorithms,
but it should give you a basic idea.

Generally speaking, rngtest is good to get a quick indication if
something is *really* going wrong, but for a more definite result I
invariably use dieharder (options "-g 201 -f random.data.file -Y 1 -s 1
-k 2 -a").  That said, dieharder is also for PRNGs, not true HWRNGs.

Aside from that, FIPS140-2 in itself is somewhat dubious---they haven't
explained the rationale for the tests, but I traced them back at least
to Knuth's Art of Computer Programming, and they were originally to test
general purpose PRNGs.  Neither is there any explanation for the
thresholds defined, and they have removed the tests entirely from the -3
draft, again without any explanation that I know of.


Cheers,

    Benedikt

-- 
Benedikt Stockebrand,                   Stepladder IT Training+Consulting
Dipl.-Inform.                           http://www.stepladder-it.com/

          Business Grade IPv6 --- Consulting, Training, Projects

BIVBlog---Benedikt's IT Video Blog: http://www.stepladder-it.com/bivblog/
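Added example for readers of this thread (not code from Benedikt's message, from rng-tools, or from the cryptech project): a small Python implementation of the four FIPS 140-2 per-block tests that rngtest reports on (monobit, poker, runs, long run) plus the continuous-run comparison, over the same 20,000-bit block size. The acceptance intervals are hard-coded from FIPS 140-2 section 4.9.1 as the editor remembers them; check them against your own copy of the standard before relying on them. The `failure_rates_ppm` helper is an assumption of this example, added so you can reproduce the kind of ppm figures quoted above by feeding it many blocks of /dev/urandom output; the constructed all-zero and alternating blocks exist only to show what a failing block looks like.

```python
"""FIPS 140-2 (section 4.9.1) style statistical tests over 20,000-bit blocks.

Editor's example, not part of the original mailing-list post or rng-tools.
"""
import os

BLOCK_BITS = 20000
BLOCK_BYTES = BLOCK_BITS // 8  # 2500 bytes, the block size rngtest also uses

# Acceptance intervals as published in FIPS 140-2 (assumed from memory;
# verify against the standard). Monobit and poker bounds are exclusive,
# runs bounds are inclusive.
MONOBIT_RANGE = (9725, 10275)
POKER_RANGE = (2.16, 46.17)
RUNS_RANGES = {1: (2315, 2685), 2: (1114, 1386), 3: (527, 723),
               4: (240, 384), 5: (103, 209), 6: (103, 209)}  # 6 means "6 or more"
LONG_RUN = 26  # a run of 26 or more identical bits fails the block
TEST_NAMES = ("monobit", "poker", "runs", "long_run", "continuous_run")


def bits_of(block: bytes) -> list:
    """Expand bytes into a list of 0/1 ints, most significant bit first."""
    return [(byte >> (7 - i)) & 1 for byte in block for i in range(8)]


def runs(bits):
    """Yield (bit_value, length) for every maximal run of identical bits."""
    value, length = bits[0], 1
    for cur in bits[1:]:
        if cur == value:
            length += 1
        else:
            yield value, length
            value, length = cur, 1
    yield value, length


def monobit_test(bits) -> bool:
    """Number of one bits must fall strictly inside MONOBIT_RANGE."""
    ones = sum(bits)
    return MONOBIT_RANGE[0] < ones < MONOBIT_RANGE[1]


def poker_test(bits) -> bool:
    """Chi-square style statistic over the 5000 non-overlapping 4-bit nibbles."""
    counts = [0] * 16
    for i in range(0, len(bits), 4):
        nibble = (bits[i] << 3) | (bits[i + 1] << 2) | (bits[i + 2] << 1) | bits[i + 3]
        counts[nibble] += 1
    n = len(bits) // 4
    x = (16.0 / n) * sum(c * c for c in counts) - n
    return POKER_RANGE[0] < x < POKER_RANGE[1]


def runs_test(bits) -> bool:
    """Runs of zeros and runs of ones are counted separately by length 1..6+."""
    counts = {0: dict.fromkeys(RUNS_RANGES, 0), 1: dict.fromkeys(RUNS_RANGES, 0)}
    for value, length in runs(bits):
        counts[value][min(length, 6)] += 1
    return all(lo <= counts[v][k] <= hi
               for v in (0, 1) for k, (lo, hi) in RUNS_RANGES.items())


def long_run_test(bits) -> bool:
    """Any single run of LONG_RUN or more identical bits fails the block."""
    return max(length for _, length in runs(bits)) < LONG_RUN


def fips_140_2(block: bytes, previous: bytes = None) -> dict:
    """Run all tests on one 2500-byte block; returns {test_name: passed}."""
    if len(block) != BLOCK_BYTES:
        raise ValueError("FIPS 140-2 tests need exactly %d bytes" % BLOCK_BYTES)
    bits = bits_of(block)
    return {
        "monobit": monobit_test(bits),
        "poker": poker_test(bits),
        "runs": runs_test(bits),
        "long_run": long_run_test(bits),
        # continuous-run test: a block identical to its predecessor is rejected
        "continuous_run": previous is None or block != previous,
    }


def failure_rates_ppm(blocks) -> dict:
    """Per-test failure rate (plus 'any') over an iterable of blocks, in ppm."""
    failures = dict.fromkeys(TEST_NAMES + ("any",), 0)
    total, previous = 0, None
    for block in blocks:
        results = fips_140_2(block, previous)
        for name, ok in results.items():
            failures[name] += int(not ok)
        failures["any"] += int(not all(results.values()))
        total += 1
        previous = block
    return {name: 1e6 * n / total for name, n in failures.items()} if total else {}


if __name__ == "__main__":
    # Constructed inputs: a degenerate all-zero block and one OS RNG block.
    print("all zeros:", fips_140_2(bytes(BLOCK_BYTES)))
    print("urandom:  ", fips_140_2(os.urandom(BLOCK_BYTES)))
    # Sampling a few hundred blocks from the OS RNG gives a rough ppm estimate
    # of the same kind as rngtest's counters (expect rare, sub-1000ppm failures).
    print(failure_rates_ppm(os.urandom(BLOCK_BYTES) for _ in range(500)))
```

Run it as a script to see a healthy block pass and the all-zero block fail every test; to reproduce the ppm numbers from the message more precisely, raise the sample count in the last line into the hundreds of thousands of blocks (the author's figures imply roughly one failing block per 1250), which is slow in pure Python but fine as a one-off measurement.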

