Confirming Random numbers?

coderman coderman at gmail.com
Mon Feb 19 10:27:59 PST 2007


On 2/19/07, Tyler Durden <camera_lumina at hotmail.com> wrote:
> ...
> Is it possible to verify that a remote random number generator is actually
> random?

remote or not doesn't add much to the difficulty of the question: "is
it _truly_ random?"

lots of statistical tests to confirm that a given distribution of bits
IS NOT, but nothing to prove IT IS.  and by IS NOT, i mean
sufficiently improbable to be random, thus considered not random.
even a true hw rng could throw all bits set given enough chances.

it's easy for a remote peer to fool such statistical tests: check the
output of AES-CBC keyed with all zeros.  there is almost no actual
entropy (in the keys) yet the output appears to be random, and you
would (in theory) not be able to distinguish without the key used.

if you look at the various hw rng daemons they often do some FIPS
sanity checks on the input but leave it at that.  the idea is that
failed hardware will start producing FIPS failures and can be
detected.
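As an added illustration (not code from the post or from any rng daemon), the four FIPS 140-2 sanity checks coderman refers to, run over a 20,000-bit sample. It also feeds the tests a deterministic keyed stream (SHA-256 in counter mode under an all-zero key, a constructed stand-in for the AES-CBC-with-zero-key case) to show that output carrying no entropy beyond its key still passes, while degenerate input is rejected.

```python
import hashlib
import os

# FIPS 140-2 (Change Notice 1) bounds for one 20,000-bit sample of raw generator output.
SAMPLE_BITS = 20000
MONOBIT = (9725, 10275)                  # exclusive bounds on the count of 1 bits
POKER = (2.16, 46.17)                    # exclusive bounds on the chi-square statistic
RUNS = {1: (2315, 2685), 2: (1114, 1386), 3: (527, 723),
        4: (240, 384), 5: (103, 209), 6: (103, 209)}  # key 6 means "6 or longer"
LONG_RUN = 26                            # a run this long fails the sample outright

def fips_tests(data: bytes) -> dict:
    """Run the four FIPS 140-2 tests; True means 'not rejected', never 'proven random'."""
    assert len(data) * 8 == SAMPLE_BITS, "need exactly 2,500 bytes"
    bits = [(b >> (7 - i)) & 1 for b in data for i in range(8)]
    ones = sum(bits)
    # Poker: frequency of each 4-bit nibble over the 5,000 nibbles in the sample.
    nibble = [0] * 16
    for i in range(0, SAMPLE_BITS, 4):
        nibble[bits[i] << 3 | bits[i + 1] << 2 | bits[i + 2] << 1 | bits[i + 3]] += 1
    poker_x = (16 / 5000) * sum(c * c for c in nibble) - 5000
    # Runs: lengths of maximal 0-runs and 1-runs, bucketed 1..5 and 6+, plus the longest run.
    runs = {0: dict.fromkeys(RUNS, 0), 1: dict.fromkeys(RUNS, 0)}
    longest, i = 0, 0
    while i < SAMPLE_BITS:
        j = i
        while j < SAMPLE_BITS and bits[j] == bits[i]:
            j += 1
        runs[bits[i]][min(j - i, 6)] += 1
        longest = max(longest, j - i)
        i = j
    return {
        "monobit": MONOBIT[0] < ones < MONOBIT[1],
        "poker": POKER[0] < poker_x < POKER[1],
        "runs": all(lo <= runs[b][k] <= hi for b in (0, 1) for k, (lo, hi) in RUNS.items()),
        "long_run": longest < LONG_RUN,
    }

def keyed_stream(key: bytes, nbytes: int) -> bytes:
    """Constructed stand-in for the AES-CBC-under-a-zero-key example: SHA-256 in
    counter mode under a fixed key. The output has no entropy beyond the key."""
    out = b"".join(hashlib.sha256(key + n.to_bytes(8, "big")).digest()
                   for n in range((nbytes + 31) // 32))
    return out[:nbytes]

if __name__ == "__main__":
    for name, sample in [("os.urandom", os.urandom(2500)),
                         ("zero-keyed stream", keyed_stream(bytes(32), 2500)),
                         ("all 0xAA", bytes([0xAA]) * 2500)]:
        print(f"{name:18s} {fips_tests(sample)}")
```

The all-0xAA input passes monobit (exactly half the bits are set) yet fails poker and runs, which is why a daemon applies all four checks rather than a single bit count.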
