There was an error in the bounds for the runs test specified by NIST; last october they updated FIPS 140-2 to specify new bounds. An updated version of my code can be found at http://people.qualcomm.com/ggr/QC/ (our old web pages are stale, and I'm still trying to have them taken down by our ex-ISP).
Here's an excerpt from the comment in the new code: * Version 1.3 -- Bill Chauncey and his colleages pointed out to NIST that * the bounds in the runs test were incorrect. * They issued an update 2001-oct-10. If the new one still shows an anomalous number of runs test failures, there is a real problem. regards, Greg. At 03:23 PM 1/15/2002 -0500, Thor Lancelot Simon wrote: >Many operating systems use "Linux-style" (environmental noise >stirred with a hash function) generators to provide "random" >and pseudorandom data on /dev/random and /dev/urandom >respectively. A few modify the general Linux design by adding an >output buffer which is not stirred so that bits which have already >been output are not stirred into the pool of "new" "random" data >(IMO, not doing this is insane, but that's a different subject). > >The enclosed implementation of the FIPS140-1/2 statistical test >appears to show that such generators fail the "runs" test quite >regularly. Interestingly, the Linux generator seems to do better >the longer you let it run (which, perhaps, suggests that quite a >bit of data should be run through it at boot time and discarded) >but other, related generators do not. > >The usual failure mode is "too many runs of 1 1s". Using MD5 >instead of SHA1 as the mixing function, the Linux generator >also displays "too many runs of 1 0s". I have not yet seen >other failure modes from these generators. > >To reproduce my results, just compile the enclosed and do >"a.out < /dev/urandom" on your platform of choice. > >Thor Greg Rose INTERNET: [EMAIL PROTECTED] Qualcomm Australia VOICE: +61-2-9817 4188 FAX: +61-2-9817 5199 Level 3, 230 Victoria Road, http://people.qualcomm.com/ggr/ Gladesville NSW 2111 232B EC8F 44C6 C853 D68F E107 E6BF CD2F 1081 A37C --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
