[cryptography] urandom vs random
aaron.toponce at gmail.com
Wed Aug 21 18:44:06 EDT 2013
On Tue, Aug 20, 2013 at 05:33:05PM -0400, grarpamp wrote:
> The subject thread is covering a lot about OS implementations
> and RNG various sources. But what are the short list of open
> source tools we should be using to actually test and evaluate
> the resulting number streams?
As already mentioned in the thread, you can only identify a random source,
which in order to be truly random, must come from some chaotic random
source, such as radioactive decay. However, you can make statistical
judgements on the output, to determine if the source is 'random enough'.
This is where the Die Hard and FIPS 140-2 checks come into play. The trick
is sampling for a long period of time, rather than a few minutes here and
# timeout 1h rngtest < /dev/random
Copyright (c) 2004 by Henrique de Moraes Holschuh
This is free software; see the source for copying conditions. There is
NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR
rngtest: starting FIPS tests...
rngtest: bits received from input: 79369360032
rngtest: FIPS 140-2 successes: 3965374
rngtest: FIPS 140-2 failures: 3094
rngtest: FIPS 140-2(2001-10-10) Monobit: 378
rngtest: FIPS 140-2(2001-10-10) Poker: 393
rngtest: FIPS 140-2(2001-10-10) Runs: 1205
rngtest: FIPS 140-2(2001-10-10) Long run: 1128
rngtest: FIPS 140-2(2001-10-10) Continuous run: 0
rngtest: input channel speed: (min=419.675; avg=25223.970; max=28892.382)Kibits/s
rngtest: FIPS tests speed: (min=6.227; avg=143.700; max=155.069)Mibits/s
rngtest: Program run time: 3600000102 microseconds
~.078% failure rate for these tests.
. o . o . o . . o o . . . o .
. . o . o o o . o . o o . . o
o o o . o . . o o o o . o o o
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 519 bytes
Desc: not available
More information about the cryptography