[cryptography] urandom vs random

Aaron Toponce aaron.toponce at gmail.com
Wed Aug 21 18:44:06 EDT 2013


On Tue, Aug 20, 2013 at 05:33:05PM -0400, grarpamp wrote:
> The subject thread is covering a lot about OS implementations
> and RNG various sources. But what are the short list of open
> source tools we should be using to actually test and evaluate
> the resulting number streams?

As already mentioned in the thread, you can only identify a random source,
which in order to be truly random, must come from some chaotic random
source, such as radioactive decay. However, you can make statistical
judgements on the output, to determine if the source is 'random enough'.
This is where the Die Hard and FIPS 140-2 checks come into play. The trick
is sampling for a long period of time, rather than a few minutes here and
there.

    # timeout 1h rngtest < /dev/random
    rngtest 2-unofficial-mt.14
    Copyright (c) 2004 by Henrique de Moraes Holschuh
    This is free software; see the source for copying conditions.  There is
    NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR
    PURPOSE.

    rngtest: starting FIPS tests...
    rngtest: bits received from input: 79369360032
    rngtest: FIPS 140-2 successes: 3965374
    rngtest: FIPS 140-2 failures: 3094
    rngtest: FIPS 140-2(2001-10-10) Monobit: 378
    rngtest: FIPS 140-2(2001-10-10) Poker: 393
    rngtest: FIPS 140-2(2001-10-10) Runs: 1205
    rngtest: FIPS 140-2(2001-10-10) Long run: 1128
    rngtest: FIPS 140-2(2001-10-10) Continuous run: 0
    rngtest: input channel speed: (min=419.675; avg=25223.970; max=28892.382)Kibits/s
    rngtest: FIPS tests speed: (min=6.227; avg=143.700; max=155.069)Mibits/s
    rngtest: Program run time: 3600000102 microseconds

~.078% failure rate for these tests.

-- 
. o .   o . o   . . o   o . .   . o .
. . o   . o o   o . o   . o o   . . o
o o o   . o .   . o o   o o .   o o o
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 519 bytes
Desc: not available
URL: <http://lists.randombit.net/pipermail/cryptography/attachments/20130821/cf9a7647/attachment-0001.asc>


More information about the cryptography mailing list