[onerng talk] review of RNGs
Paul Campbell
paul at taniwha.com
Wed Jul 8 11:30:28 BST 2015
On Wed, 08 Jul 2015 21:47:44 phred53 wrote:
> I don't pretend to really understand but I couldn't see how CRC16, or for
> that matter any deterministic algorithm, "post processing" of the random
> data could _increase_ entropy,, but ent said it did.
this is essentially the same observation I was making - I think it sort of
calls into question the entropy number
On the other hand when I changed the sampling algorithm in OneRNG to pull more
sampled bits/byte and to sample each bit more in time I did see ent's measure
of our generated entropy pop up from ~7.7 to ~7.9 bits per byte - so it
increases as I expected
> In addition I can't
> help but be suspicious of any "improvements" in dieharder test results
> after whitening; didn't seem to be the case for OneRNG.
on the other hand this is a different issue - running entropy data through a
CSPRNG will make something that's more likely to pass dieharder or pass it
better - whitening has lots of forms, ours (CRC16 which makes an OK 16-bit RNG
- as OK as you can get in 16-bits) has this effect just not as good
(I like to think of CRC16 as smearing the entropy together in time, kind of
smoothing it out)
> which appears to indicate that entropy is really about the physics of the
device; measuring a bit stream doesn't tell one the true entropy and I would
add particularly if whitened.
well think about a software RNG with 100 bits of internal state initialised at
start time - you can extract 1Gb of data and dieharder may love it, but it
will still only have 100 bits of entropy in this sense - OneRNG is sort of the
opposite: lots of real entropy, but maybe not the perfect RNG
Paul
More information about the Discuss
mailing list