[onerng talk] Dieharder Test Failed with 256MB/512MB samples

Paul Campbell paul at taniwha.com
Thu Oct 4 18:45:47 BST 2018


On Friday, 5 October 2018 12:08:35 AM NZDT Victor Sun (孫國偉) wrote:
> I try to do this before.
> Insert OneRNG
> stty -F /dev/ttyACM0 raw -echo clocal -crtscts dd if=/dev/ttyACM0
> of=/media/sf_Downloads/OneRNG bs=256 count=4M iflag=fullblock & But I
> forgot to record it

you may need more than that (send it a "cmd0", "cmdO" etc)

> And I have some questions.
> How to verify the TRNG device is good or not.
> I only use dieharder to verify.

again it depends on how you define "good" - dieharder runs a lot of different 
tests - you have to look at the tests that fail and if they are repeatable - 
remember even a system with 'perfect randomness' will randomly fail some tests

I think that running ent on the raw data from a hardware RNG (IMHO ent is 
confused by whitening) is a reasonable way to compare devices

> Does an good TRNG device need NIST800-22 and AIS-31 LOGO or not?

really it depends on whether YOU need these (some people have regulatory 
requirements)  - these are standards you pay a lot for, we're an open source 
project aimed at device security rather than 'perfect' randomness (and as I 
mentioned before there is no perfect randomness)  - we couldn't afford the 
cost of that testing and keep the price point we have now 

I think that knowing that no device is perfect and reading a bit more data 
into a CSPRNG (as rngd does for us in the linux kernel) is the right way to 
approach this sort of issue

	Paul


More information about the Discuss mailing list