From: Christopher Nielsen <nielsenc@upgrade.com>
Date: Tue, 19 Sep 95 11:18:41 PDT
To: "Erik E. Fair" (Time Keeper) <fair@clock.org>
Subject: Re: Verification of Random Number Generators
In-Reply-To: <v02110102ac849090d9fe@[17.255.9.110]>
Message-ID: <199509191817.OAA05143@upgrade.com>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 19 Sep 1995 09:04:29 -0700  
"Erik E. Fair" wrote:
--------
>> 
>> Just an idle thought: it might be possible to do a probabalistic
>> verification of a RNG by sampling it over some number of samples, and
>> statistically analyzing the sample space. This would be analysis under the
>> model of "RNG as black box" as opposed to (or rather, if you're smart, in
>> addition to) code inspection & review. Any statisticians among us?
>> 
>> Erik Fair
>> 

But statistical tests of randomness alone do not make a good RNG.
At least, not for cryptographic use. A cryptographically secure
RNG is also unpredictable, i.e., computationally unfeasible to
predict the next random bit will be given the algorithm, and not
reliably reproduced, i.e., multiple runs with the exact same input
do not generate the same sequence.

-Chris

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Christopher Nielsen                               UCA&L
System and Network Administrator                  Buffalo, New York
(nielsenc@upgrade.com)                            #include <disclaimer.h>