Mailing List Archive: A useful test prog

A useful test prog

Jun 7, 2004, 7:59 PM

Post #1 of 4 (691 views)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Attached is a test prog for the tests/ subdir. This small prog
will dump a specified number of random bytes to a file for use
by statistical analyzers. Note that you'll need to modify the
Makefile.am file so that it will automatically compile.

I wrote this while testing my changes to the Win32 entropy
gatherer. I figure that other people might be interested in
running their own tests.

I offer this code under the LGPL. I can also relinquish my
copyright upon it if the libgcrypt team chooses to include it
in the official package.

- low halo

- --
low halo <lowhalo at-s1gn hacktivismo d0t c0m>
Defender of Truth and Liberty
http://ultramagnetic.sourceforge.net/
http://www.hacktivismo.com/

http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x3AFB17F6
9AB1 FF04 016F 89A3 5B4E A585 BDBB 5FBE 3AFB 17F6

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (Your Mother)

iD8DBQFAxStQvbtfvjr7F/YRAsLKAJ0dzUAQpx85G63wqp9eGu90pBBfYgCdGn+A
f6Cujde8xc10TcKBPVMLMSg=
=axdu
-----END PGP SIGNATURE-----

Re: A useful test prog [ In reply to ]

wk at gnupg

Jun 8, 2004, 12:54 PM

Post #2 of 4 (685 views)

Permalink

On Mon, 7 Jun 2004 19:59:40 -0700, low halo, Defender of Truth and Liberty said:

> Attached is a test prog for the tests/ subdir. This small prog
> will dump a specified number of random bytes to a file for use
> by statistical analyzers. Note that you'll need to modify the

It is a common mistake to believe that any statictical analysys will
give you information on the quality of an RNG like the one used in
GnuPG. Note, that the output is passed through a hash function and
the only thing you may be able to check is whether the hash function
works as desired.

To analyse a RNG you have to scrutinize the code.

Salam-Shalom,

Werner

Re: A useful test prog [ In reply to ]

lowhalo at hush

Jun 8, 2004, 6:23 PM

Post #3 of 4 (682 views)

Permalink

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> To analyse a RNG you have to scrutinize the code.

I agree with you here, but I believe that black-box testing
the PRNG can give you a separate (and useful) point of view.
The DIEHARD and ENT tests cannot tell you that the PRNG is
good, but they can hint that there is a problem--one that
your eyes perhaps missed during the code review.

Given that (almost) all cryptographic operations depend
upon random numbers, I think that it is worth it to take the
extra step and run the bytes through analyzers. There just
seems too much at risk to neglect this step.

- low halo

- --
low halo <lowhalo at-s1gn hacktivismo d0t c0m>
Defender of Truth and Liberty
http://ultramagnetic.sourceforge.net/
http://www.hacktivismo.com/

http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x3AFB17F6
9AB1 FF04 016F 89A3 5B4E A585 BDBB 5FBE 3AFB 17F6

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (Your Mother)

iD8DBQFAxmYdvbtfvjr7F/YRAqsSAJ0WqGlCXyw5D5onGruRfsXH1ElM/wCfdgtJ
WI6ZRI19ngAO1dkzzBigwrk=
=WoEk
-----END PGP SIGNATURE-----

Concerned about your privacy? Follow this link to get
FREE encrypted email: https://www.hushmail.com/?l=2

Free, ultra-private instant messaging with Hush Messenger
https://www.hushmail.com/services.php?subloc=messenger&l=434

Promote security and make money with the Hushmail Affiliate Program:
https://www.hushmail.com/about.php?subloc=affiliate&l=427

Re: A useful test prog [ In reply to ]

wk at gnupg

Jun 9, 2004, 5:17 AM

Post #4 of 4 (683 views)

Permalink

On Tue, 8 Jun 2004 18:23:41 -0700, low halo, Defender of Truth and Liberty said:

> I agree with you here, but I believe that black-box testing
> the PRNG can give you a separate (and useful) point of view.
> The DIEHARD and ENT tests cannot tell you that the PRNG is

Just compress a few K of random and you will note a fatal flwa
immediatley. Diehard is useless overkill.

Werner

Mailing List Archive

Mailing List Archive

Attached Files: