On Wed, Feb 06, 2002 at 10:06:46AM +1100, Greg Rose wrote:
> At this point I am detecting a pattern... So, I'm afraid it isn't true that
> it will pick up even these simple linear sequences. (An LFSR of length 12
> only generates 4095 bits, repeated about 5 times!) I find this less
> surprising, actually. LFSR output "looks" random in some more fundamental
> sense.

The FIPS 140 statistical tests are not designed to be used to test the 'goodness' of a design. (That is not what the self-tests in a FIPS module are there for, in general.) It is assumed that the implemented PRNG (Deterministic RNG in FIPS 140-2 parlance) has been evaluated to verify that it is one of the approved algorithms. These algorithms have already undergone extensive design analysis, including extensive statistical analysis.

In a FIPS module, the statistical random number generator tests are present to verify that nothing has gone horribly, horribly awry. Think of it as one step better than the continuous random number generator conditional test (which, BTW, will pass outputs that simply alternate between two values).

Ok, so what about _true_ RNGs? (Non-Deterministic RNGs, in FIPS 140-2 parlance.) Well, you're only allowed to use "approved" designs to produce keys and provide inputs to key exchange/agreement protocols. (Note that the _design_ analysis has to occur as a separate process leading up to the design's approval.) At the moment, there aren't any approved designs. (Ok, in truth, there just aren't any publicly available. You are allowed to use any Non-Deterministic RNG approved for Classified use.)

If you're trying to do a _design_ analysis, you need to use a set of tests considerably more extensive than the FIPS 140 statistical tests. If you're just testing to see if your particular piece of hardware has failed, it works reasonably well.

Josh
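
Added example, not part of the original message or thread: a Python sketch of the continuous conditional test next to the four FIPS 140-2 statistical tests (monobit, poker, runs, long run), run over two constructed failure patterns to show what each layer catches. The 16-bit block size, the function names and the two sample sources are assumptions made for illustration; the pass intervals are the FIPS 140-2 section 4.9.1 values from the May 2001 text.

```python
from itertools import groupby

# Run-length bounds per FIPS 140-2 section 4.9.1 (May 2001 text); key 6 means "6 or more".
RUN_BOUNDS = {1: (2343, 2657), 2: (1135, 1365), 3: (542, 708),
              4: (251, 373), 5: (111, 201), 6: (111, 201)}

def continuous_test(blocks):
    """Conditional test: fail (False) if any block equals the block before it."""
    return all(prev != cur for prev, cur in zip(blocks, blocks[1:]))

def to_bits(blocks, width=16):
    """Expand integer blocks into a flat list of bits, most significant bit first."""
    return [(b >> i) & 1 for b in blocks for i in range(width - 1, -1, -1)]

def statistical_tests(bits):
    """Run the four power-up tests on exactly 20,000 bits; True means pass."""
    if len(bits) != 20000:
        raise ValueError("the tests are defined on a 20,000-bit sample")
    monobit = 9725 < sum(bits) < 10275
    # Poker: chi-square statistic over the 5,000 non-overlapping 4-bit values.
    counts = [0] * 16
    for i in range(0, 20000, 4):
        counts[bits[i] * 8 + bits[i + 1] * 4 + bits[i + 2] * 2 + bits[i + 3]] += 1
    x = 16 / 5000 * sum(c * c for c in counts) - 5000
    # Runs: count runs of each length (1..5, 6+) separately for zeros and ones.
    runs = {(v, n): 0 for v in (0, 1) for n in RUN_BOUNDS}
    longest = 0
    for value, group in groupby(bits):
        length = sum(1 for _ in group)
        longest = max(longest, length)
        runs[(value, min(length, 6))] += 1
    runs_ok = all(RUN_BOUNDS[n][0] <= c <= RUN_BOUNDS[n][1]
                  for (_, n), c in runs.items())
    return {"monobit": monobit, "poker": 2.16 < x < 46.17,
            "runs": runs_ok, "long_run": longest < 26}

# Constructed sample sources, 1,250 blocks of 16 bits = 20,000 bits each.
STUCK = [0xA5A5] * 1250               # output frozen at one value
ALTERNATING = [0x0000, 0xFFFF] * 625  # output flips between two values

if __name__ == "__main__":
    for name, src in (("stuck", STUCK), ("alternating", ALTERNATING)):
        print(name, "continuous:", continuous_test(src), statistical_tests(to_bits(src)))
```

The alternating source passes the continuous test, the monobit test and the long-run test, and is rejected only by the poker and runs tests.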