Major Variola wrote...

"Bit-bias is trivial to correct (see Shannon). Take a look at Prof.
Marsaglia's "Diehard" suite of statistical-structural tests for a real obstacle course. But no such "does it look random" test can tell good PRNG from TRNG. You must peek under the hood."

Indeed, as far as I understand it, no digital algorithm gives you "true" randomness..."randomness" in the digital world seems to represent a fairly relative term meaning something like "is the output of your RNG coupled in any meaningful way to the solution space of your application?" If the answer is yes, your RNG is no good. I remember a great discussion in "Numerical Recipes in C" which discussed very subtle coupling between an RNG and the application. One wonders then if even fairly sophisticated cryptography folks will have the necessary expertise to spot such coupling (for instance, certain RNGs may slightly emphasize the probability of certain subsets of primes...a cracker might write code which preferentially attacks those primes and thereby greatly decrease cracking time).

So I guess the follow-on question is: Even if you can look at the code of an RNG...how easy is it to determine if its output is "usefully random", or are there certain "Diffie-approved" RNGs that should always be there, and if not something's up?

From: "Major Variola (ret)" <[EMAIL PROTECTED]>
To: "[EMAIL PROTECTED]" <[EMAIL PROTECTED]>
Subject: Re: Intel Security processor + a question
Date: Mon, 21 Oct 2002 10:21:28 -0700

At 07:40 PM 10/18/02 -0400, Tyler Durden wrote:
>Well, I disagree about pseudo random number generation, sort of.
>First, if I have a PSR sequence of the known variety (ie, ANSI or ITU), and if
>it's mapped to some telecom standard (DS-1/3, OC-3/12/48/192), then my test
>set can and should be able to lock onto that sequence. This is true whether
>that telecom signal is raw PRBS, or if it has been mapped into the payload
>(you use different test sets).

1. Shift reg sequences are cryptographically weak.

2. Re-synch'ing with a PR stream is useful for some apps, true.

3. In crypto, we consider the adversary who claims to have a true RNG but
instead is faking us out with an opaque PRNG.  If we are not privy to the
PRNG algorithm (or key) then we can't tell if it's truly random or not.

>With encrypted info who knows? I would think that testing if there's monkey
>business might boil down to algorithms--ie, if certain bit patterns happen
>too often, then something's wrong...

Bit-bias is trivial to correct (see Shannon).  Take a look at Prof. Marsaglia's
"Diehard" suite of statistical-structural tests for a real obstacle course.  But
no such "does it look random" test can tell good PRNG from TRNG.
You must peek under the hood.
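An added example (not from either poster) illustrating the two remarks above: bit-bias is removed with the classic von Neumann extractor, and a "does it look random" monobit test then passes even though the source here is a seeded, fully deterministic PRNG. The source, its bias of 0.7 and the seed are constructed for the demonstration.

```python
import math
import random
from typing import Iterable, List


def biased_bits(n: int, p_one: float, seed: int) -> List[int]:
    """Constructed source for the example: n independent bits, each 1 with
    probability p_one.  It is a seeded PRNG, i.e. completely deterministic."""
    rng = random.Random(seed)
    return [1 if rng.random() < p_one else 0 for _ in range(n)]


def von_neumann_debias(bits: Iterable[int]) -> List[int]:
    """Von Neumann extractor: read non-overlapping pairs, emit the first bit of
    each unequal pair ((0,1) -> 0, (1,0) -> 1), discard (0,0) and (1,1).
    For independent bits with constant bias p, P(01) == P(10) == p(1-p), so the
    output is unbiased; only about p(1-p) of the input length survives.
    A trailing unpaired bit is dropped."""
    it = iter(bits)
    return [a for a, b in zip(it, it) if a != b]


def monobit_z(bits: List[int]) -> float:
    """Monobit statistic: z-score of the ones count against n/2.  |z| above
    roughly 3 flags bias.  Passing says nothing about PRNG versus TRNG."""
    n = len(bits)
    return (2 * sum(bits) - n) / math.sqrt(n)


def demo(n: int = 100_000, p_one: float = 0.7, seed: int = 1) -> dict:
    """Run the biased source through the extractor and report both statistics."""
    raw = biased_bits(n, p_one, seed)
    fixed = von_neumann_debias(raw)
    return {
        "raw_ones_fraction": sum(raw) / len(raw),
        "raw_z": monobit_z(raw),
        "debiased_len": len(fixed),
        "debiased_ones_fraction": sum(fixed) / len(fixed),
        "debiased_z": monobit_z(fixed),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value:.4f}" if isinstance(value, float) else f"{key}: {value}")
```

The raw stream fails the monobit test by a wide margin, the debiased stream passes it, and nothing in either statistic reveals that every bit came from `random.Random(1)`.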
