Secure64 Develops First Automated DNSSEC Signing Application to Help Secure the Internet Worldwide

2008-07-30 Thread Anne Lynn Wheeler
Secure64 Develops First Automated DNSSEC Signing Application to Help Secure the Internet Worldwide http://www.businesswire.com/news/google/20080730005428/en from above: Secure64 Software Corporation has developed a product that dramatically simplifies the implementation and management of

Fw: FIPS 198-1 announcement

2008-07-30 Thread Steven M. Bellovin
Begin forwarded message: Date: Wed, 30 Jul 2008 12:36:36 -0400 From: Sara Caswell [EMAIL PROTECTED] To: undisclosed-recipients:; Subject: FIPS 198-1 announcement The National Institute of Standards and Technology (NIST) is pleased to announce approval of Federal Information Processing

On the randomness of DNS

2008-07-30 Thread Ben Laurie
I thought this list might be interested in a mini-rant about DNS source port randomness on my blog: http://www.links.org/?p=352. Ever since the recent DNS alert people have been testing their DNS servers with various cute things that measure how many source ports you use, and how random they

Re: On the randomness of DNS

2008-07-30 Thread Ivan Krstić
On Jul 30, 2008, at 1:56 PM, Ben Laurie wrote: Oh, and I should say that number of ports and standard deviation are not a GREAT way to test for randomness. For example, the sequence 1000, 2000, ..., 27000 has 27 ports and a standard deviation of over 7500, which looks pretty GREAT to me.

Re: On the randomness of DNS

2008-07-30 Thread Pierre-Evariste Dagand
But just how GREAT is that, really? Well, we don't know. Why? Because there isn't actually a way to test for randomness. Your DNS resolver could be using some easily predicted random number generator like, say, a linear congruential one, as is common in the rand() library function, but

Re: On the randomness of DNS

2008-07-30 Thread Ben Laurie
Pierre-Evariste Dagand wrote: But just how GREAT is that, really? Well, we don't know. Why? Because there isn't actually a way to test for randomness. Your DNS resolver could be using some easily predicted random number generator like, say, a linear congruential one, as is common in the rand()

Re: On the randomness of DNS

2008-07-30 Thread Pierre-Evariste Dagand
I doubt you can get a large enough sample in any reasonable time. Indeed. I don't see the point of evaluating the quality of a random number generator by statistical tests. Which is entirely my point. I fear I was not clear: I don't see what is wrong in evaluating the quality of a random

Re: On the randomness of DNS

2008-07-30 Thread Ben Laurie
Pierre-Evariste Dagand wrote: I doubt you can get a large enough sample in any reasonable time. Indeed. I don't see the point of evaluating the quality of a random number generator by statistical tests. Which is entirely my point. I fear I was not clear: I don't see what is wrong in

Re: On the randomness of DNS

2008-07-30 Thread Hal Finney
Ben Laurie writes: Oh, and I should say that number of ports and standard deviation are not a GREAT way to test for randomness. For example, the sequence 1000, 2000, ..., 27000 has 27 ports and a standard deviation of over 7500, which looks pretty GREAT to me. But not very random. That's a

Re: On the randomness of DNS

2008-07-30 Thread Gregory Hicks
Date: Wed, 30 Jul 2008 21:22:59 +0200 From: Pierre-Evariste Dagand [EMAIL PROTECTED] To: Ben Laurie [EMAIL PROTECTED], cryptography@metzdowd.com Subject: Re: On the randomness of DNS [...] For sure, it would be better if we could check the source code and match the implemented RNG

Re: On the randomness of DNS

2008-07-30 Thread Dirk-Willem van Gulik
On 30 Jul 2008, at 19:57, Pierre-Evariste Dagand wrote: But just how GREAT is that, really? Well, we don't know. Why? Because there isn't actually a way to test for randomness. Your DNS resolver could be using some easily predicted random number generator like, say, a linear congruential

Re: On the randomness of DNS

2008-07-30 Thread Dirk-Willem van Gulik
On 30 Jul 2008, at 21:33, Ben Laurie wrote: For sure, it would be better if we could check the source code and match the implemented RNG against an already known RNG. But, then, there is the chicken or the egg problem: how would you ensure that a *new* RNG is a good source of randomness?