tech-crypto archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: Patch: rework kernel random number subsystem
> The critical values for the statistical tests are set so that
> p=.0001, so there should be one false positive (the null hypothesis
> being that the data _are_ random) in 10,000 rekeyings. In that case
> the right thing to do is simply to rekey -- though for a hardware
> generator that fails the test, the conservative thing to do, I
> believe, is to detach that particular random source, so that is the
> behavior I intend to leave in place in that case.
Conservative, but not necessarily conrrect. Some systems stay up a
long time, and if working hardware RNG get auto-detached whenever a
1-in-10000 test trips, long-lived systems _will_ lose their RNGs. I
think this is suboptimal.
Indeed, a hardware RNG that _didn't_ fail that test once in a while
would be suspect.
/~\ The ASCII Mouse
\ / Ribbon Campaign
X Against HTML mouse%rodents-montreal.org@localhost
/ \ Email! 7D C8 61 52 5D E7 2D 39 4E F1 31 3E E8 B3 27 4B
Home |
Main Index |
Thread Index |
Old Index