On Aug 3, 2008, at 13:54, Alexander Klimov wrote:
If your p-value is smaller than the significance level (say, 1%)
you should repeat the test with different data and see if the
test persistently fails or it was just a fluke.
Or better still, make many tests and see if your p-values are
On Mon, 4 Aug 2008, Stephan Neuhaus wrote:
Or better still, make many tests and see if your p-values are
uniformly distributed in (0,1). [Hint: decide on a p-value for that
last equidistribution test *before* you compute that p-value.]
Of course, there are many tests for goodness of fit
Hi Ben,
http://www.cacert.at/cgi-bin/rngresults
Are you seriously saying that the entropy of FreeBSD /dev/random is 0?
Thanks for the notice, that was a broken upload by a user.
Best regards,
Philipp Gühring
-
The
On Thu, 31 Jul 2008, Pierre-Evariste Dagand wrote:
Just by curiosity, I ran the Diehard tests[...]
Sum-up for /dev/random:
Abnormally high value: 0.993189 [1]
Abnormally low value: 0.010507 [1]
Total: 2
Sum up for Sha1(n):
Abnormally high values: 0.938376, 0.927501 [2]
Abnormally low
SHA-1(1), SHA-1(2), SHA-1(3), ... SHA-1(N) will look random, but clearly is
not.
Just by curiosity, I ran the Diehard tests on /dev/random (FreeBSD
7.0) and a sha1 sequence of [ 1 ... N ]. Both random files are 63 Mb.
I know that there has been some controversy about /dev/random of
FreeBSD on
Ben wrote:
But just how GREAT is that, really? Well, we don'
t know. Why? Because there isn't actually a way test for randomness. Your
DNS resolver could be using some easily predicted random number generator
like, say, a linear congruential one, as is common in the rand() library
Dirk-Willem van Gulik wrote:
I fail to see how you could evaluate this without seeing the code (and
even then - I doubt that one can properly do this -- the ?old? NSA habit
of tweaking your random generated rather than your protocol/algorithm
when they wanted your produced upgraded to export
Hi,
I would suggest to use http://www.cacert.at/random/ to test the
randomness of the DNS source ports. Due to the large variety of
random-number sources that have been tested there already, it's useful
as a classification service of unknown randomly looking numbers.
You just have to collect
I thought this list might be interested in a mini-rant about DNS source
port randomness on my blog: http://www.links.org/?p=352.
Ever since the recent DNS alert people have been testing their DNS
servers with various cute things that measure how many source ports you
use, and how random
On Jul 30, 2008, at 1:56 PM, Ben Laurie wrote:
Oh, and I should say that number of ports and standard deviation are
not a GREAT way to test for randomness. For example, the sequence
1000, 2000, ..., 27000 has 27 ports and a standard deviation of over
7500, which looks pretty GREAT to me.
But just how GREAT is that, really? Well, we don'
t know. Why? Because there isn't actually a way test for randomness. Your
DNS resolver could be using some easily predicted random number generator
like, say, a linear congruential one, as is common in the rand() library
function, but DNS
Pierre-Evariste Dagand wrote:
But just how GREAT is that, really? Well, we don'
t know. Why? Because there isn't actually a way test for randomness. Your
DNS resolver could be using some easily predicted random number generator
like, say, a linear congruential one, as is common in the rand
I doubt you can get a large enough sample in any reasonable time.
Indeed.
I don't see the point of evaluating the quality of a random number
generator by statistical tests.
Which is entirely my point.
I fear I was not clear: I don't see what is wrong in evaluating the
quality of a random
Pierre-Evariste Dagand wrote:
I doubt you can get a large enough sample in any reasonable time.
Indeed.
I don't see the point of evaluating the quality of a random number
generator by statistical tests.
Which is entirely my point.
I fear I was not clear: I don't see what is wrong in
Ben Laurie writes:
Oh, and I should say that number of ports and standard deviation are not
a GREAT way to test for randomness. For example, the sequence 1000,
2000, ..., 27000 has 27 ports and a standard deviation of over 7500,
which looks pretty GREAT to me. But not very random.
That's a
Date: Wed, 30 Jul 2008 21:22:59 +0200
From: Pierre-Evariste Dagand [EMAIL PROTECTED]
To: Ben Laurie [EMAIL PROTECTED], cryptography@metzdowd.com
Subject: Re: On the randomness of DNS
[...]
For sure, it would be better if we could check the source code and
match the implemented RNG
On 30 Jul 2008, at 19:57, Pierre-Evariste Dagand wrote:
But just how GREAT is that, really? Well, we don'
t know. Why? Because there isn't actually a way test for
randomness. Your
DNS resolver could be using some easily predicted random number
generator
like, say, a linear congruential one
On 30 Jul 2008, at 21:33, Ben Laurie wrote:
For sure, it would be better if we could check the source code and
match the implemented RNG against an already known RNG.
But, then, there is a the chicken or the egg problem: how would you
ensure that a *new* RNG is a good source of randomness ?
18 matches
Mail list logo
