tech-security archive
Re: Lightweight support for instruction RNGs
On Tue, Dec 22, 2015 at 12:22:57PM -0500, Greg Troxel wrote:
>
> I am only dimly following this, but I have two thoughts:
>
> I see the point that running randomness tests will not detect a
> well-engineered attack. But it probably will detect a large class of
> implementation bugs, so it seems worth doing.
If you do such a test on the final output to userspace, it cannot catch
any implementation bug in any stage of the machinery prior to the CTR_DRBG.
Since there were no changes to the CTR_DRBG (or the driver that reads
its output) the proposed test cannot actually detect any implementation
bug that could have happened in the code I posted.
Running tests that one knows cannot actually find bugs is not a practice
I am eager to engage in. In fact, when I catch developers writing "tests"
like that rather than real unit or regression tests, I generally give them
hell.
Thor
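The point of the reply above is that a statistical test on the final DRBG output is blind to anything that goes wrong before the DRBG, because the DRBG's job is precisely to turn whatever it is fed into output that looks random. The following Go program is an added illustration, not code from this thread or from NetBSD: it keys AES-256 in counter mode as a stand-in for the output stage of a CTR_DRBG (not the SP 800-90A state machine itself), runs a monobit test and a byte-frequency chi-square test on 64 KiB of output, and shows that the tests pass equally for a properly seeded instance, an all-zero seed, and a seed with one byte of entropy, while an attacker recovers the one-byte seed by brute force in 256 tries. The test thresholds (3.29 for monobit, 330.5 for chi-square with 255 degrees of freedom, both at p = 0.001) and the `lowEntropySeed` bug model are assumptions chosen for the example.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
	"math"
	"math/bits"
)

const sampleLen = 1 << 16 // 64 KiB of generator output per sample

// ctrGenerate stands in for the output stage of a CTR_DRBG: AES-256 in
// counter mode keyed with the seed, keystream XORed into a zero buffer.
// It is NOT the NIST SP 800-90A state machine (no reseed counter, no
// derivation function, no update step); it only needs to behave like one
// for the argument being made.
func ctrGenerate(seed [32]byte, n int) []byte {
	block, err := aes.NewCipher(seed[:])
	if err != nil {
		panic(err) // cannot happen for a 32-byte key
	}
	var iv [aes.BlockSize]byte
	out := make([]byte, n)
	cipher.NewCTR(block, iv[:]).XORKeyStream(out, out)
	return out
}

// monobitPass is the frequency test: for an n-bit string, S = #ones - #zeros
// satisfies |S|/sqrt(n) < 3.29 with probability 0.999 if the bits are random.
func monobitPass(buf []byte) bool {
	ones := 0
	for _, b := range buf {
		ones += bits.OnesCount8(b)
	}
	n := float64(len(buf) * 8)
	s := 2*float64(ones) - n
	return math.Abs(s)/math.Sqrt(n) < 3.29
}

// chiSquareBytesPass is a byte-value frequency test with 255 degrees of
// freedom; 330.5 is (approximately) the critical value at p = 0.001.
func chiSquareBytesPass(buf []byte) bool {
	var counts [256]int
	for _, b := range buf {
		counts[b]++
	}
	expected := float64(len(buf)) / 256
	chi := 0.0
	for _, c := range counts {
		d := float64(c) - expected
		chi += d * d / expected
	}
	return chi < 330.5
}

// outputLooksRandom is the "test the final output to userspace" proposal.
func outputLooksRandom(seed [32]byte) bool {
	out := ctrGenerate(seed, sampleLen)
	return monobitPass(out) && chiSquareBytesPass(out)
}

// lowEntropySeed models an upstream bug (assumed for the example) in which
// only one byte of the seed actually varies: everything before the DRBG is
// broken, the DRBG itself is fine.
func lowEntropySeed(k byte) [32]byte {
	var seed [32]byte
	seed[0] = k
	return seed
}

// recoverSeedByte is what an attacker does against that bug: try all 256
// candidate seeds and keep the one that reproduces the observed output.
func recoverSeedByte(observed []byte) (byte, bool) {
	for k := 0; k < 256; k++ {
		if bytes.Equal(ctrGenerate(lowEntropySeed(byte(k)), len(observed)), observed) {
			return byte(k), true
		}
	}
	return 0, false
}

func main() {
	var good [32]byte
	if _, err := rand.Read(good[:]); err != nil {
		panic(err)
	}
	fmt.Println("well-seeded output passes:     ", outputLooksRandom(good))
	fmt.Println("zero-seeded output passes:     ", outputLooksRandom([32]byte{}))
	fmt.Println("one-byte-entropy output passes:", outputLooksRandom(lowEntropySeed(0x42)))
	fmt.Println("zero seed itself passes:       ", monobitPass(make([]byte, 32)))
	k, ok := recoverSeedByte(ctrGenerate(lowEntropySeed(0x42), 64))
	fmt.Printf("attacker recovered seed byte: %#x (%v)\n", k, ok)
}
```

The same monobit test applied to the raw seed does flag the all-zero case, which is why a test belongs at the stage whose code changed, not on the far end of the pipeline; and, as the thread already notes, even a test placed there says nothing about a deliberately engineered weakness, since the one-byte seed is rejected only because it happens to be mostly zeros.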