[Cryptech Tech] FIPS 140-2 test program

Joachim Strömbergson joachim at secworks.se
Tue Jul 15 06:59:59 UTC 2014



Aloha!

Benedikt Stockebrand wrote:
> Yes, I do.  You just want to be aware that it marks about 800ppm of
> its input as "failures", which not only makes you jump when you first
> run it on anything, but also means it skews whatever it lets through
> when used as a filter to seed the Linux kernel CSPRNG.
> 
> Anyway, if you use it, expect about these failure rates:
> 
> Total:           800ppm
> Monobit:         100ppm
> Poker:           100ppm
> Runs:            300ppm
> Long run:        300ppm
> Continuous run:  too rare to give any reliable numbers

Great info, thanks!


> Generally speaking, rngtest is good to get a quick indication if 
> something is *really* going wrong, but for a more definite result I 
> invariably use dieharder (options "-g 201 -f random.data.file -Y 1 -s
> 1 -k 2 -a").

Yes, Dieharder is what I use too. And ent. But we really need good test
suites and test programs implementing them (see another mail on my sorry
efforts at collecting requirements, tests and code) - for the entropy
sources as well as the stages through the RNG chain and for the CSPRNG
output.


> Aside from that, FIPS140-2 in itself is somewhat dubious---they
> haven't explained the rationale for the tests, but I traced them back
> at least to Knuth's Art of Computer Programming, and they were
> originally to test general purpose PRNGs.  Neither is there any
> explanation for the thresholds defined, and they have removed the
> tests entirely from the -3 draft, again without any explanation that
> I know of.

OT: I actually ponied up and paid for the complete Art of Computer
Programming package (all four books) as summer reading.

FIPS 140-2 is important because it is what is used for Cryptech-like
things and will be asked about. But we should not constrain ourselves to
FIPS 140-2 (and AIS31 etc. for that matter). The more complete we can be
and show good results to anybody's favourite test/test suite the better.
We therefore need to know about them and use them all. imho.

-- 
Med vänlig hälsning, Yours

Joachim Strömbergson - Alltid i harmonisk svängning.
========================================================================
 Joachim Strömbergson          Secworks AB          joachim at secworks.se
========================================================================
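The thread discusses rngtest's per-block FIPS 140-2 tests and their failure rates; here is an added example (not code from the thread, rngtest or Cryptech) implementing the four single-block tests in Python over a constructed 20,000-bit sample. The thresholds are the FIPS 140-2 section 4.9.1 values as published in the 2001 text, which is an assumption to check against the edition your rngtest build implements.

```python
import os

# FIPS 140-2 section 4.9.1 thresholds (assumption: original 2001 text; a later
# change notice tightened the runs intervals, so verify against your edition).
MONOBIT = (9725, 10275)                       # pass iff 9725 < ones < 10275
POKER = (2.16, 46.17)                         # pass iff 2.16 < X < 46.17
RUNS = [(2315, 2685), (1114, 1386), (527, 723),
        (240, 384), (103, 209), (103, 209)]   # run lengths 1..5 and 6+
LONG_RUN = 26                                 # any run >= 26 bits fails

def unpack_bits(block: bytes) -> list:
    """MSB-first bit list of a 2,500-byte (20,000-bit) block."""
    return [(b >> i) & 1 for b in block for i in range(7, -1, -1)]

def fips_140_2_tests(block: bytes) -> dict:
    """Evaluate one block; returns the raw statistics plus a pass/fail map."""
    if len(block) != 2500:
        raise ValueError("FIPS 140-2 tests operate on exactly 20,000 bits")
    bits = unpack_bits(block)
    ones = sum(bits)
    # Poker test: 5,000 four-bit values, X = (16/5000) * sum(f_i^2) - 5000
    freq = [0] * 16
    for b in block:
        freq[b >> 4] += 1
        freq[b & 0xF] += 1
    poker_x = 16 * sum(f * f for f in freq) / 5000 - 5000
    # Runs test: count maximal runs of each bit value by length (6+ pooled)
    runs = {0: [0] * 6, 1: [0] * 6}
    longest = 0
    i = 0
    while i < len(bits):
        j = i
        while j < len(bits) and bits[j] == bits[i]:
            j += 1
        runs[bits[i]][min(j - i, 6) - 1] += 1
        longest = max(longest, j - i)
        i = j
    passed = {
        "monobit": MONOBIT[0] < ones < MONOBIT[1],
        "poker": POKER[0] < poker_x < POKER[1],
        "runs": all(lo <= runs[v][k] <= hi
                    for v in (0, 1) for k, (lo, hi) in enumerate(RUNS)),
        "long_run": longest < LONG_RUN,
    }
    return {"ones": ones, "poker_x": poker_x, "runs": runs,
            "longest": longest, "pass": passed}

if __name__ == "__main__":
    # Constructed input from the OS RNG; a good source still fails a block
    # occasionally (the roughly 800ppm rate quoted in the thread).
    print(fips_140_2_tests(os.urandom(2500))["pass"])
```

Running it over many blocks from a candidate source and counting per-test failures gives numbers directly comparable to the rates Benedikt lists above.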

