"Arnold G. Reinhold" says: > This result would seem to raise questions about SHA1 and MD5 as much > as about the quality of /dev/random and /dev/urandom. Naively, it > should be difficult to create input to these hash functions that > cause their output to fail any statistical test.
I would think that this would only be relevant if there was a correlation between inputs and outputs. Lack of entropic skew across the bits of the output shouldn't give any clues to the specific input, unless the outputs are clumping across the output space. Theoretically, the hash functions ought to be able to output every bit string in the output space, so you'd realistically expect a fair number of runs. You're right - it should be difficult to create inputs to the hash functions that cause their output to fail a distribution test, but doing so casts doubt on the randomness of the inputs, not the distribution space of the hash. At least I think that's right - it's been a while since I've thought about this.

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
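
A small experiment on the reasoning in the reply above, added here as an example and not part of the original message: SHA-1 is fed two constructed input sources, and the output stream is checked with a monobit frequency test and a count of distinct digests. The input sources, the sample size and the function names are assumptions made for illustration.

```python
import hashlib
import math
import random

def sha1_stream(inputs):
    """Concatenate the SHA-1 digest of every input into one byte stream."""
    return b"".join(hashlib.sha1(x).digest() for x in inputs)

def monobit_z(data):
    """Monobit frequency test: z-score of the number of 1 bits against n/2."""
    n = len(data) * 8
    ones = sum(bin(b).count("1") for b in data)
    return (2 * ones - n) / math.sqrt(n)

def distinct_blocks(data, size=20):
    """Number of distinct digest-sized (20-byte) blocks in the stream."""
    return len({data[i:i + size] for i in range(0, len(data), size)})

N = 4096
# Constructed source 1: inputs are distinct but highly structured (a counter).
counter_inputs = [str(i).encode() for i in range(N)]
# Constructed source 2: a weak "random" source that only ever yields 16 values.
rng = random.Random(1)
pool_inputs = [bytes([rng.randrange(16)]) for _ in range(N)]

def report():
    """Return {source name: (monobit z-score, distinct digest count)}."""
    results = {}
    for name, inputs in (("counter", counter_inputs), ("pool16", pool_inputs)):
        stream = sha1_stream(inputs)
        results[name] = (monobit_z(stream), distinct_blocks(stream))
    return results

if __name__ == "__main__":
    for name, (z, distinct) in report().items():
        print(f"{name:8s} monobit z = {z:+8.2f}  distinct digests = {distinct}/{N}")
```

The counter source produces N distinct digests with no meaningful bit bias even though its inputs are trivially predictable, while the 16-value source shows up as repeated digests: the clumping comes from repeated inputs, not from the hash.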