[onerng talk] review of RNGs

Paul Campbell paul at taniwha.com
Wed Jul 8 11:30:28 BST 2015


On Wed, 08 Jul 2015 21:47:44 phred53 wrote:
> I don't pretend to really understand but I couldn't see how CRC16, or for
> that matter any deterministic algorithm, "post processing" of the random
> data could _increase_ entropy,, but ent said it did. 

this is essentially the same observation I was making - I think it sort of 
calls into question the entropy number

On the other hand when I changed the sampling algorithm in OneRNG to pull more 
sampled bits/byte and to sample each bit more in time I did see ent's measure 
of our generated entropy pop up from ~7.7 to ~7.9 bits per byte - so it 
increases as I expected  

> In addition I can't
> help but be suspicious of any "improvements" in dieharder test results
> after whitening; didn't seem to be the case for OneRNG.

on the other hand this is a different issue - running entropy data through a 
CSPRNG will make something that's more likely to pass dieharder or pass it 
better - whitening has lots of forms, ours (CRC16 which makes an OK 16-bit RNG 
- as OK as you can get in 16-bits) has this effect just not as good

(I like to think of CRC16 as smearing the entropy together in time, kind of 
smoothing it out)

> which appears to indicate that entropy is really about the physics of the 
device; measuring a bit stream doesn't tell one the true entropy and I would 
add particularly if whitened.

well think about a software RNG with 100 bits of internal state initialised at 
start time - you can extract 1Gb of data and dieharder may love it, but it 
will still only have 100 bits of entropy in this sense - OneRNG is sort of the 
opposite: lots of real entropy, but maybe not the perfect RNG 

	Paul


More information about the Discuss mailing list