[Cryptech Tech] SHA-2 security and RNG verification

Philipp Gühring pg at futureware.at
Sat Jun 6 16:18:20 UTC 2015


Hi,

> Joachim Strömbergson wrote:
> >> PS: I haven't noticed a submission of your generated random
> >> numbers on my RNG testsite yet, so I would like to invite you to
> >> use it: http://www.cacert.at/random/
> 
> I took a look at the website and the results. It seems that the maximum
> data submitted by entries is 1 GByte, and quite a few are something
> like 100 MByte and even less. The web interface accepts as little as 12
> MByte. Do you think it is really possible to do a good judgement of the
> random generators with that amount of data?

Good question!
Well, 12 MB helped in the past to detect broken random number generators,
contact the vendors and get them to fix them.

On the other hand, I wanted to not discriminate against slow random number
generators, as much as possible. Someone rolling dice manually or even
automated should be acceptable.
I think the 12 MB limit is still quite a good limit, because if the random
number generator is so broken that you can detect it, in 99.99% of the
cases, you should be able to detect the brokenness in the first 12 MB. My
guess is that with only 0.01% of the cases, you really need more than 12
MB and less than 1TB to detect it.
Clever RNGs that are well engineered and still backdoored to be insecure I
think are unlikely to be detectable within terabytes, petabytes or
even larger amounts of test vectors.
My test service can't prove the security of the random numbers tested,
but it can and did detect problems and help to get them solved.

A problem I think exists is that most of the diehard tests I am currently
using are made in a way that they take the 100 first 1000 floats of the
file and analyze them, so they most likely never look beyond those 12 MB
to detect problems. (I wanted to "upgrade" from DIEHARD to dieharder,
but I didn't succeed; perhaps I will try again sometime.)

In the beginning I hoped I would get perhaps 20 submissions ever. After
about 10 submissions people found out about it and I did not have to ask
everyone on my own to submit them, and about 2 months ago I had to
dedicate a 1TB harddisk in the server to this project, since it was eating
up the free space from the other applications running there.

By the way, if anyone is interested, I also accept submissions on DVDs or
harddisks. (I once got CDs filled with random numbers from a vendor
lacking decent internet connection)

Best regards,
Philipp Gühring
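The two points raised above, that a badly broken generator usually shows up within the first few megabytes while a test that only reads the head of a file can miss a generator that degrades later, can be illustrated with a small byte-frequency chi-square scan that walks the whole capture in windows. The script below is an added example and is not code from this message, from the cacert.at service or from DIEHARD/dieharder; the three sample streams (a Mersenne Twister stand-in, a stuck most-significant-bit fault, and a generator that wedges and replays a block after the first window) are constructed in-process, and the window size, the p = 0.001 critical value and all function names are this example's own choices.

```python
"""Byte-frequency chi-square screening applied to a whole RNG capture.

Added example, not code from the original post or the cacert.at service.
The sample streams are constructed in-process so the script runs offline.
"""
import random
from collections import Counter
from typing import List, Tuple

CHUNK = 1 << 20  # analyse the capture in 1 MiB windows

# Chi-square critical value for 255 degrees of freedom at p = 0.001
# (Wilson-Hilferty approximation, about 330.5). A healthy source exceeds it
# in roughly 0.1% of windows, so a scan of k windows has about a k/1000
# false-alarm rate; a single window far above it is a real defect.
CHI2_CRIT_255 = 330.5


def chi_square_bytes(window: bytes) -> float:
    """Chi-square statistic of byte frequencies against the uniform distribution."""
    expected = len(window) / 256.0
    counts = Counter(window)
    return sum((counts.get(v, 0) - expected) ** 2 / expected for v in range(256))


def scan(capture: bytes, chunk: int = CHUNK, head_only: bool = False) -> List[Tuple[int, float]]:
    """Chi-square per full window of the capture.

    head_only mimics a test that only ever reads the start of the file,
    which is the blind spot described in the message."""
    if head_only:
        capture = capture[:chunk]
    return [(i, chi_square_bytes(capture[off:off + chunk]))
            for i, off in enumerate(range(0, len(capture) - chunk + 1, chunk))]


def worst_window(capture: bytes, **kw) -> float:
    """Largest chi-square seen; a capture shorter than one window is flagged."""
    return max((chi2 for _, chi2 in scan(capture, **kw)), default=float("inf"))


def looks_uniform(capture: bytes, **kw) -> bool:
    """True when no window exceeds the critical value."""
    return worst_window(capture, **kw) <= CHI2_CRIT_255


# --- constructed sample sources (stand-ins, not real hardware captures) ---

def healthy_source(n: int, seed: int = 1) -> bytes:
    """Mersenne Twister output: passes a frequency test, but is not a CSPRNG."""
    return random.Random(seed).getrandbits(8 * n).to_bytes(n, "little")


def stuck_msb_source(n: int, seed: int = 2) -> bytes:
    """Constructed fault: the top bit of every byte is stuck at zero."""
    mask = bytes(v & 0x7F for v in range(256))
    return healthy_source(n, seed).translate(mask)


def wedged_after_head_source(n: int, seed: int = 3, chunk: int = CHUNK) -> bytes:
    """Constructed fault: healthy for the first window, then the generator
    wedges and replays its last 64 bytes forever."""
    head = healthy_source(chunk, seed)
    block = head[-64:]
    tail_len = n - chunk
    return head + (block * (tail_len // 64 + 1))[:tail_len]


if __name__ == "__main__":
    for name, capture in [
        ("healthy", healthy_source(4 * CHUNK)),
        ("stuck MSB", stuck_msb_source(CHUNK)),
        ("wedged after head", wedged_after_head_source(4 * CHUNK)),
    ]:
        print(f"{name:18s} head-only pass: {looks_uniform(capture, head_only=True)!s:5} "
              f"full-scan pass: {looks_uniform(capture)!s:5} "
              f"worst chi2: {worst_window(capture):.1f}")
```

The stuck-bit fault produces a chi-square of at least the window length in bytes (over a million for a 1 MiB window), so it is caught in the first window, as the message says most broken generators are. The wedged generator passes the head-only scan and is only caught because the scan continues through every window; that is exactly the gap a test which stops after the first N values leaves open. A frequency test alone is a screen, not a proof: a counter that cycles through all 256 values passes it with a chi-square of zero, so a real suite combines several independent tests.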
