On 30 Jul 2008, at 21:33, Ben Laurie wrote:
For sure, it would be better if we could check the source code and
match the implemented RNG against an already known RNG.
But, then, there is a "the chicken or the egg" problem: how would you
ensure that a *new* RNG is a good source of "randomness" ?
On 30 Jul 2008, at 19:57, Pierre-Evariste Dagand wrote:
But just how GREAT is that, really? Well, we don'
t know. Why? Because there isn't actually a way test for
randomness. Your
DNS resolver could be using some easily predicted random number
generator
like, say, a linear congruential one,
> Date: Wed, 30 Jul 2008 21:22:59 +0200
> From: "Pierre-Evariste Dagand" <[EMAIL PROTECTED]>
> To: "Ben Laurie" <[EMAIL PROTECTED]>, cryptography@metzdowd.com
> Subject: Re: On the "randomness" of DNS
>
[...]
>
> For sure, it would be better if we could check the source code and
> match the impl
Ben Laurie writes:
> Oh, and I should say that number of ports and standard deviation are not
> a GREAT way to test for "randomness". For example, the sequence 1000,
> 2000, ..., 27000 has 27 ports and a standard deviation of over 7500,
> which looks pretty GREAT to me. But not very "random".
T
Pierre-Evariste Dagand wrote:
I doubt you can get a large enough sample in any reasonable time.
Indeed.
I don't see the point of evaluating the quality of a random number
generator by statistical tests.
Which is entirely my point.
I fear I was not clear: I don't see what is wrong in evalu
> I doubt you can get a large enough sample in any reasonable time.
Indeed.
> > I don't see the point of evaluating the quality of a random number
> > generator by statistical tests.
> Which is entirely my point.
I fear I was not clear: I don't see what is wrong in evaluating the
quality of a r
Pierre-Evariste Dagand wrote:
But just how GREAT is that, really? Well, we don'
t know. Why? Because there isn't actually a way test for randomness. Your
DNS resolver could be using some easily predicted random number generator
like, say, a linear congruential one, as is common in the rand() li
> But just how GREAT is that, really? Well, we don'
> t know. Why? Because there isn't actually a way test for randomness. Your
> DNS resolver could be using some easily predicted random number generator
> like, say, a linear congruential one, as is common in the rand() library
> function, but DN
On Jul 30, 2008, at 1:56 PM, Ben Laurie wrote:
Oh, and I should say that number of ports and standard deviation are
not a GREAT way to test for "randomness". For example, the sequence
1000, 2000, ..., 27000 has 27 ports and a standard deviation of over
7500, which looks pretty GREAT to me. B
I thought this list might be interested in a mini-rant about DNS source
port randomness on my blog: http://www.links.org/?p=352.
Ever since the recent DNS alert people have been testing their DNS
servers with various cute things that measure how many source ports you
use, and how "random" they
Begin forwarded message:
Date: Wed, 30 Jul 2008 12:36:36 -0400
From: Sara Caswell <[EMAIL PROTECTED]>
To: undisclosed-recipients:;
Subject: FIPS 198-1 announcement
The National Institute of Standards and Technology (NIST) is pleased to
announce approval of Federal Information Processing Stand
Secure64 Develops First Automated DNSSEC Signing Application to Help
Secure the Internet Worldwide
http://www.businesswire.com/news/google/20080730005428/en
from above:
Secure64 Software Corporation has developed a product that
dramatically simplifies the implementation and management of
DNSSEC
12 matches
Mail list logo