| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20140901215308.67212f2c@lambda> Date: Mon, 1 Sep 2014 21:53:08 +0000 From: Brandon Enright <bmenrigh@...ndonenright.net> To: Rich Felker <dalias@...c.org> Cc: discussions@...sword-hashing.net, bmenrigh@...ndonenright.net Subject: Re: [PHC] friendly warning about randomness tests -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Mon, 1 Sep 2014 17:17:40 -0400 Rich Felker <dalias@...c.org> wrote: > For reference with regard to how meaningless these tests are, a 32-bit > LCG with a trivial tempering function taken from MT applied to the > output can pass most if not all of dieharder. (I'd have to recheck to > confirm that it's all, but I seem to remember it being all when I was > developing that code.) > > Rich Yes. Nmap (the port scanner) uses a LCG with some basic tweaks to it for generating "random" IP addresses to be scanned without producing any duplicates before cycling through all 2^32 IPs (Nmap's -iR feature). This passes every Dieharder randomness test. It's probably not surprising but Dieharder doesn't have a check for treating the output as 32 bit numbers and then looking for expected duplicates. If it did though Nmap's PRNG would obviously fail. Randomness tests give me zero additional confidence in any candidate. Brandon -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iEYEARECAAYFAlQE6soACgkQqaGPzAsl94LbfgCcDZpnV5kv3cuwEstgLrRtKo47 O0cAn2DxtipbKaWfg/3eQ92LwIp8tpfz =gz70 -----END PGP SIGNATURE-----
Powered by blists - more mailing lists