[10416] in cryptography@c2.net mail archive
RE: Welome to the Internet, here's your private key
daemon@ATHENA.MIT.EDU (Greg Rose)
Thu Feb 7 14:17:46 2002
Message-Id: <4.3.1.2.20020207065358.01e5a9f8@127.0.0.1>
Date: Thu, 07 Feb 2002 06:56:36 +1100
To: pgut001@cs.auckland.ac.nz (Peter Gutmann)
From: Greg Rose <ggr@qualcomm.com>
Cc: ggr@qualcomm.com, yeoh@cs.wisc.edu,
cryptography@wasabisystems.com, frantz@pwpconsult.com
In-Reply-To: <200202061655.FAA86528@ruru.cs.auckland.ac.nz>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
At 05:55 AM 2/7/2002 +1300, Peter Gutmann wrote:
>Greg Rose <ggr@qualcomm.com> writes:
>
> >While priming the RC4 table, I accidentally filled the data buffer instead
> >(D'oh!) with consecutive byte values 0x00, 0x01, ... 0xFF, 0x00, ...
> >
> >This very much passes the FIPS 140 tests for randomness, despite being
> >nothing like it:
>
>A generic order-0 entropy estimator (think Huffman coder) will pass this,
>because each symbol occurs with equal probability. The reason this is a
>problem is because any introductory information theory text will give the
>standard formula for entropy estimation (H = -sum(prob(x) * log(prob(x))))
>and users will either stop reading there or the text won't go any further.
But it is interesting that, had the FIPS test worked on a multiple of 256
bytes, it would have caught it, because it uses a two-sided ChiSquare test.
In other words, perfect frequency distribution (of nybbles) is also
something it will reject... but it wasn't perfect because a sequence
stopped early.
Greg.
Greg Rose, Qualcomm Australia
Level 3, 230 Victoria Road, Gladesville NSW 2111
INTERNET: ggr@qualcomm.com
VOICE: +61-2-9817 4188 FAX: +61-2-9817 5199
http://people.qualcomm.com/ggr/
232B EC8F 44C6 C853 D68F E107 E6BF CD2F 1081 A37C
The Cryptography Mailing List
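The exchange above can be reproduced numerically. The following is an added example, not code from either poster: it builds the counter buffer Greg Rose describes (0x00, 0x01, ... 0xFF, 0x00, ...), runs the order-0 entropy estimator Peter Gutmann mentions, and applies the FIPS 140-1 poker test, which is the two-sided chi-square test over nybbles. The pass interval 1.03 < X < 57.4 is the FIPS 140-1 one for a 20,000-bit (2,500-byte) sample; treating the sample length n as a parameter, so the same statistic can be run over a multiple of 256 bytes, is an assumption made here to illustrate the point about alignment.

```python
import math
from collections import Counter

def counter_buffer(nbytes: int) -> bytes:
    """Constructed input: the buffer from the thread, consecutive byte values
    0x00, 0x01, ..., 0xFF, 0x00, ... (the RC4 identity-table fill)."""
    return bytes(i & 0xFF for i in range(nbytes))

def order0_entropy_bits(data: bytes) -> float:
    """Order-0 Shannon entropy in bits per byte, H = -sum(p(x) * log2 p(x)).
    This is the 'Huffman coder' estimator: it sees only symbol frequencies,
    never the order in which the symbols arrive, so a counter looks perfect."""
    n = len(data)
    counts = Counter(data)
    return -sum((c / n) * math.log2(c / n) for c in counts.values())

def nybble_counts(data: bytes) -> list:
    """Frequency of each 4-bit value, counting high and low nybble of every byte."""
    counts = [0] * 16
    for b in data:
        counts[b >> 4] += 1
        counts[b & 0x0F] += 1
    return counts

def poker_statistic(data: bytes) -> float:
    """FIPS 140-1 poker test statistic over nybbles: X = (16 / n) * sum(f_i^2) - n,
    with n the number of nybbles. FIPS fixes n = 5000 (20,000 bits); here n is
    whatever the buffer holds (assumption) so other lengths can be compared."""
    counts = nybble_counts(data)
    n = sum(counts)
    return 16 * sum(f * f for f in counts) / n - n

# FIPS 140-1 pass interval. It is two-sided: a statistic that is too small
# (frequencies too even) is rejected just like one that is too large.
POKER_LOW, POKER_HIGH = 1.03, 57.4

def poker_test_passes(data: bytes) -> bool:
    return POKER_LOW < poker_statistic(data) < POKER_HIGH

if __name__ == "__main__":
    samples = (
        ("2500-byte FIPS sample (not a multiple of 256)", counter_buffer(2500)),
        ("2560-byte sample (10 full 0x00..0xFF cycles)", counter_buffer(2560)),
    )
    for name, buf in samples:
        print(f"{name}: H = {order0_entropy_bits(buf):.4f} bits/byte, "
              f"poker X = {poker_statistic(buf):.3f}, "
              f"passes = {poker_test_passes(buf)}")
```

Over the standard 2,500-byte sample the cycle is cut off after 196 bytes of its tenth pass, so the nybble frequencies are slightly uneven (317, 316, 304 and 300 occurrences) and X comes out at about 2.3, inside the pass interval, while the entropy estimator reports almost exactly 8 bits per byte. Over a buffer that is a whole number of 256-byte cycles every nybble occurs equally often, X is exactly 0, and the lower bound of the two-sided test rejects it, which is the case Greg describes. Neither statistic inspects ordering, so the defence is not a better frequency test but an estimator that models the source (order-k or conditional statistics, or knowledge of how the buffer was generated).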