> On 06/19/2012 02:11 PM, coderman wrote: >> >> the sanity checks, being on die, are limited. you can't run DIEHARD >> against this in a useful manner because the DRBG obscures anything >> useful. > > I don't think there's anything useful diehard (specifically) is going to > tell you. > > The raw entropy source output would not be expected to pass diehard. The > CR report shows visible artifacts in that FFT graph. The entropy > estimation function one would apply to that source would likely be much > simpler than the diehard suite. Just a sanity check that the output is > actually changing once in a while would go a long way towards > eliminating the most common failure modes. > > On the other hand, the AES CTR DRBG output will always pass diehard, > whether it contains any entropy or not. >
Yup. Actually having a perfect source is a problem. It's much easier to test for a source with known defects that meet a well defined statistical model. With that you can build a test that the circuit is built correctly. You can also show it catches all SPOF and DPOF cases. You use other techniques to prove that if built right, the circuit will have a well defined min entropy in the output. _______________________________________________ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
