Similar site aiming to detect defects in various ciphers and hashes:
http://defectoscopy.com/
...where block ciphers can be compared against stream ciphers,
asymmetric ciphers and hash functions in their quality determined by
the security of each individual component as well as their
combination.
Hi,
Ok, now I did the first test.
I took OpenSSL, generated 1 RSA keys, and took them apart.
First I analyzed the raw keys:
--
~~ ./ent RNGQA/openssl-keys-raw.random
Entropy = 7.992782 bits per byte.
Optimum compression would reduce the size
Philipp Gühring wrote:
I took OpenSSL, generated 1 RSA keys, and took them apart.
First I analyzed the raw keys:
Try this:
Generate 256000 bytes from MD5(i), i=1...16000 and run the same tests. That is
clearly not acceptable as a PRNG because it is completely predictable if you
know that
--
John Kelsey wrote:
To assess a cryptographic PRNG, you need to know two things:
a. If it had a starting point or seed which was impossible to
guess, would you be able to find any problems with its outputs?
b. Does it get a starting point or seed which is impossible to
guess?
Philipp Gühring [EMAIL PROTECTED] writes:
What is wrong with the following black-box test?
* Open browser
* Go to a dummy CA's website
* Let the browser generate a keypair through the keygen or cenroll.dll
* Import the generated certificate
* Backup the certificate together with
Hi Peter,
Easily solvable bureaucratic problems are much simpler than unsolvable
mathematical ones.
Perhaps there is some misunderstanding, but I am getting worried that the
common conception seems to be that it is an unsolvable problem.
What is wrong with the following black-box test?
In message [EMAIL PROTECTED], Philipp Gühring writes:
Hi Peter,
Easily solvable bureaucratic problems are much simpler than unsolvable
mathematical ones.
Perhaps there is some misunderstanding, but I am getting worried that the
common conception seems to be that it is an
Hi,
I have been asked by to verify the quality of the random numbers which are
used for certificate requests that are being sent to us, to make sure that
they are good enough, and we don't issue certificates for weak keys.
The client applications that generate the keys and issue the
On Thu, 22 Dec 2005, Philipp Gühring wrote:
I have been asked by to verify the quality of the random numbers which are
used for certificate requests that are being sent to us, to make sure that
they are good enough, and we don't issue certificates for weak keys.
Consider an
On Thu, Dec 22, 2005 at 10:28:47AM +0100, Philipp Gühring wrote:
I think the better way would be if I had a possibility to verify the quality
of the random numbers used in a certificate request myself, without the
dependence on the vendor.
This is impossible. You don't see the raw random
Hi Travis,
The only thing is, you cannot test in randomness,
That's true, but I can test non-randomness. And if I don't detect
non-randomness, I can assume randomness to a certain extent.
and it is an abuse
of statistics to make predictions about individual events --
Wasn't that one of
Philipp Gühring [EMAIL PROTECTED] writes:
I have been asked by to verify the quality of the random numbers which are
used for certificate requests that are being sent to us, to make sure that
they are good enough, and we don't issue certificates for weak keys.
Go tell whoever wrote your
Victor Duchovni [EMAIL PROTECTED] writes:
On Thu, Dec 22, 2005 at 10:28:47AM +0100, Philipp Gühring wrote:
I think the better way would be if I had a possibility to verify the quality
of the random numbers used in a certificate request myself, without the
dependence on the vendor.
This is