lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 1 Sep 2014 17:17:40 -0400
From: Rich Felker <>
Subject: Re: [PHC] friendly warning about randomness tests

On Mon, Sep 01, 2014 at 10:59:28PM +0200, Krisztián Pintér wrote:
> the diehard, testu01, dieharder, etc test suites are not cryptographic
> tools. failing these tests is a clear break, and at least calls for
> another postprocessing step (together with an assessment of actual
> entropy content of the raw output). however, passing such tests mean
> exactly nothing in crypto context.

For reference with regard to how meaningless these tests are, a 32-bit
LCG with a trivial tempering function taken from MT applied to the
output can pass most if not all of dieharder. (I'd have to recheck to
confirm that it's all, but I seem to remember it being all when I was
developing that code.)


Powered by blists - more mailing lists