[10148] in cryptography@c2.net mail archive


Re: Linux-style kernel PRNGs and the FIPS140-2 test

daemon@ATHENA.MIT.EDU (Adam Fields)
Tue Jan 15 19:23:34 2002

Message-Id: <200201160010.g0G0Ahl16560@sparkle.generation.net>
To: "Arnold G. Reinhold" <reinhold@world.std.com>
Cc: Thor Lancelot Simon <tls@reefedge.com>,
	cryptography@wasabisystems.com
From: Adam Fields <fields@surgam.net>
In-reply-to: Your message of "Tue, 15 Jan 2002 17:52:01 EST."
             <v04210102b86a621afded@[192.168.0.2]> 
Date: Tue, 15 Jan 2002 19:10:43 -0500


"Arnold G. Reinhold" says:
> This result would seem to raise questions about SHA1 and MD5 as much 
> as about the quality of /dev/random and /dev/urandom.  Naively, it 
> should be difficult to create input to these hash functions that 
> cause their output to fail any statistical test.

I would think that this would only be relevant if there was a
correlation between inputs and outputs. Lack of entropic skew across
the bits of the output shouldn't give any clues to the specific input,
unless the outputs are clumping across the output
space. Theoretically, the hash functions ought to be able to output
every bit string in the output space, so you'd realistically expect a
fair number of runs.

You're right - it should be difficult to create inputs to the hash
functions that cause their output to fail a distribution test, but
doing so casts doubt on the randomness of the inputs, not the
distribution space of the hash.

At least I think that's right - it's been a while since I've thought
about this.
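The point argued in the thread (that a hash of a poor input still passes distribution tests, so passing says nothing about the input's entropy) can be checked directly. The following is an added example, not code from the thread or from the Linux kernel: a Python implementation of the four FIPS 140-2 power-up statistical tests (monobit, poker, runs, long run, with the limits from the 2001 edition of the standard), run over two constructed 20,000-bit streams. The first stream is a 32-bit counter hashed with SHA-1, a toy stand-in for a pool that is mixed through a hash; the second is the same counter emitted unhashed. The counter values are the only input to both, so both have essentially no entropy.

```python
import hashlib
import struct

BLOCK_BITS = 20000  # FIPS 140-2 power-up tests examine one 20,000-bit block

# Runs-test intervals from FIPS 140-2 (2001): run length -> (min, max),
# applied separately to runs of zeros and runs of ones; 6 means "6 or more".
RUN_LIMITS = {1: (2315, 2685), 2: (1114, 1386), 3: (527, 723),
              4: (240, 384), 5: (103, 209), 6: (103, 209)}


def bits_from_bytes(data):
    """Expand bytes into a list of 0/1 ints, most significant bit first."""
    return [(byte >> (7 - i)) & 1 for byte in data for i in range(8)]


def monobit(bits):
    """Monobit test: number of ones must satisfy 9725 < ones < 10275."""
    return 9725 < sum(bits) < 10275


def poker(bits):
    """Poker test: chi-square-like statistic over 5000 4-bit nibbles."""
    counts = [0] * 16
    for i in range(0, len(bits), 4):
        nibble = (bits[i] << 3) | (bits[i + 1] << 2) | (bits[i + 2] << 1) | bits[i + 3]
        counts[nibble] += 1
    n = len(bits) // 4
    x = (16.0 / n) * sum(c * c for c in counts) - n
    return 2.16 < x < 46.17


def runs(bits):
    """Split the block into maximal runs; return a list of (value, length)."""
    out = []
    cur, length = bits[0], 0
    for b in bits:
        if b == cur:
            length += 1
        else:
            out.append((cur, length))
            cur, length = b, 1
    out.append((cur, length))
    return out


def runs_test(bits):
    """Runs test: histogram of run lengths per value must fall inside RUN_LIMITS."""
    hist = {0: [0] * 7, 1: [0] * 7}
    for value, length in runs(bits):
        hist[value][min(length, 6)] += 1
    for value in (0, 1):
        for length, (lo, hi) in RUN_LIMITS.items():
            if not lo <= hist[value][length] <= hi:
                return False
    return True


def long_run_test(bits):
    """Long-run test: no run of either value may reach 26 bits."""
    return max(length for _, length in runs(bits)) < 26


def fips_140_2(bits):
    """Run all four tests on one 20,000-bit block; returns name -> pass/fail."""
    if len(bits) != BLOCK_BITS:
        raise ValueError("FIPS 140-2 tests need exactly 20,000 bits")
    return {"monobit": monobit(bits), "poker": poker(bits),
            "runs": runs_test(bits), "long_run": long_run_test(bits)}


def hashed_counter_stream():
    """Constructed input: SHA-1 of a 32-bit counter, 125 digests = 20,000 bits."""
    out = b"".join(hashlib.sha1(struct.pack(">I", i)).digest() for i in range(125))
    return bits_from_bytes(out)


def raw_counter_stream():
    """Constructed input: the same counter unhashed, 625 words = 20,000 bits."""
    out = b"".join(struct.pack(">I", i) for i in range(625))
    return bits_from_bytes(out)


if __name__ == "__main__":
    print("hashed counter:", fips_140_2(hashed_counter_stream()))
    print("raw counter:   ", fips_140_2(raw_counter_stream()))
```

The raw counter fails monobit and long run outright (the high bytes of every word are zero), while the hashed counter passes every test even though an attacker who knows the counter can reproduce the stream exactly. That is the asymmetry the thread describes: these tests can detect a broken mixing function or a stuck output, but a pass on the far side of a hash is no evidence about the entropy that went in.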



---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@wasabisystems.com
