> The critical values for the statistical tests are set so that > p=.0001, so there should be one false positive (the null hypothesis > being that the data _are_ random) in 10,000 rekeyings. In that case > the right thing to do is simply to rekey -- though for a hardware > generator that fails the test, the conservative thing to do, I > believe, is to detach that particular random source, so that is the > behavior I intend to leave in place in that case.
Conservative, but not necessarily conrrect. Some systems stay up a long time, and if working hardware RNG get auto-detached whenever a 1-in-10000 test trips, long-lived systems _will_ lose their RNGs. I think this is suboptimal. Indeed, a hardware RNG that _didn't_ fail that test once in a while would be suspect. /~\ The ASCII Mouse \ / Ribbon Campaign X Against HTML mo...@rodents-montreal.org / \ Email! 7D C8 61 52 5D E7 2D 39 4E F1 31 3E E8 B3 27 4B
