Mike Rosing (eresrch@msn.fullfeed.com)
Fri, 17 Jul 1998 10:33:20 -0500 (CDT)

On 17 Jul 1998, Cicero wrote:

> Statistical tests can demonstrate failure, but not success.  Any good
> PRNG will pass all such tests, with a seed of 0, and you know there is
> no entropy there.  If Murry has a test that will distinguish a RNG
> from a PRNG I would be surprised.

That shouldn't be too hard really.  A real random bit generator has to
fail when the frequency of data collection is too high; you can run a
pseudo generator on faster machines and get good stats out.  I'd also
expect a RNG to fail stats tests more often; a PRNG should be pure white.

> You are correct here.  I can verify that my hash really is the SHA-1
> in FIPS 180-1, and you can verify that your hardware design is one
> which has been just as extensively analysed.  Can you cite an example
> of such a design?

Vincent wrote a whole book on random bit generation in 1972.  I got the
book from the library and it sits at home.  Check Ritter's web page for
the reference.  In fact he's got a lot of papers, and many of them cover
the analysis of RNG's.  I've started to read some of them, but it'll be a
while before I get thru most of 'em.  I'll have more examples after I do.

> If you could demonstrate SHA-1 giving output that failed statistical
> tests, I'd be initially surprised, then (after verifying the
> experiment) very impressed.  An analysis would ultimately show SHA-1
> broken, and yes, at that time I would chuck it.  A single SHA-1 output
> with 0xdeadbeef in it would not cause me concern.  If you produced a
> collision, that would be another matter.

2^160 is a big space to search, and the equations of any input to output
bit are very complex.  Just because it has a "weak seed" for some 10
million bit range doesn't mean it's broken.  That's not the same as a
collision, but the analysis of the input to output equations should help
in determining a collision.

> I can run specific test vectors to gain some confidence that my PRNG
> is the one that I think it is, but no tests that you can run will
> distinguish a correct RNG from a PRNG, or distinguish one RNG from
> another (unless one is broken), or give you confidence that your RNG
> is the one that you thought it was.  If I switch your chip with one
> that produces 3DES OFB output, you can never find out without
> inspecting the hardware.  The output will not differ from what you
> would expect.

That's part of my experiment.  It will be very interesting to see what
the differences are.  I suspect they are subtle, but visible.  Real
measurement is better than conjecture :-)

Patience, persistence, truth,
Dr. mike
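
An added example, not part of the original message: it runs Cicero's claim that a good PRNG seeded with 0 passes statistical tests, while a structured stream shows that such tests can demonstrate failure. The SHA-1 counter construction and the choice of three FIPS 140-1 power-up tests (20,000-bit sample) are assumptions made for this illustration.

```python
import hashlib

def sha1_ctr_bits(seed: int, nbits: int) -> list:
    """Deterministic stream SHA-1(seed || counter); an assumed construction."""
    out, counter = bytearray(), 0
    while len(out) * 8 < nbits:
        block = seed.to_bytes(8, "big") + counter.to_bytes(8, "big")
        out += hashlib.sha1(block).digest()
        counter += 1
    bits = [(byte >> (7 - i)) & 1 for byte in out for i in range(8)]
    return bits[:nbits]

def monobit(bits):
    """FIPS 140-1 monobit: count of ones in 20,000 bits."""
    ones = sum(bits)
    return 9654 < ones < 10346, ones

def poker(bits):
    """FIPS 140-1 poker: chi-square style statistic over 5,000 nibbles."""
    counts = [0] * 16
    for i in range(0, len(bits), 4):
        counts[bits[i] * 8 + bits[i + 1] * 4 + bits[i + 2] * 2 + bits[i + 3]] += 1
    x = (16 / 5000) * sum(c * c for c in counts) - 5000
    return 1.03 < x < 57.4, x

def longest_run(bits):
    """FIPS 140-1 long run: fail on any run of 34 or more equal bits."""
    longest = run = 1
    for a, b in zip(bits, bits[1:]):
        run = run + 1 if a == b else 1
        longest = max(longest, run)
    return longest < 34, longest

def run_battery(bits):
    """Pass/fail verdict per test for a 20,000-bit sample."""
    return {"monobit": monobit(bits)[0], "poker": poker(bits)[0],
            "long_run": longest_run(bits)[0]}

if __name__ == "__main__":
    stream = sha1_ctr_bits(0, 20000)           # seed 0: no entropy at all
    print("SHA-1 counter, seed 0:", run_battery(stream))
    print("fully reproducible:", stream == sha1_ctr_bits(0, 20000))
    # Constructed structured input: balanced bits, so only poker catches it.
    print("alternating 0101...:", run_battery([0, 1] * 10000))
```

A passing verdict says nothing about entropy: the seed-0 stream is regenerated bit for bit on every run.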