[onerng talk] Dieharder Test Failed with 256MB/512MB samples
Paul Campbell
paul at taniwha.com
Thu Oct 4 18:45:47 BST 2018
On Friday, 5 October 2018 12:08:35 AM NZDT Victor Sun (孫國偉) wrote:
> I try to do this before.
> Insert OneRNG
> stty -F /dev/ttyACM0 raw -echo clocal -crtscts dd if=/dev/ttyACM0
> of=/media/sf_Downloads/OneRNG bs=256 count=4M iflag=fullblock & But I
> forgot to record it
you may need more than that (send it a "cmd0", "cmdO" etc)
> And I have some questions.
> How to verify the TRNG device is good or not.
> I only use dieharder to verify.
again it depends on how you define "good" - dieharder runs a lot of different
tests - you have to look at the tests that fail and if they are repeatable -
remember even a system with 'perfect randomness' will randomly fail some tests
I think that running ent on the raw data from a hardware RNG (IMHO ent is
confused by whitening) is a reasonable way to compare devices
> Does an good TRNG device need NIST800-22 and AIS-31 LOGO or not?
really it depends on whether YOU need these (some people have regulatory
requirements) - these are standards you pay a lot for, we're an open source
project aimed at device security rather than 'perfect' randomness (and as I
mentioned before there is no perfect randomness) - we couldn't afford the
cost of that testing and keep the price point we have now
I think that knowing that no device is perfect and reading a bit more data
into a CSPRNG (as rngd does for us in the linux kernel) is the right way to
approach this sort of issue
Paul
More information about the Discuss
mailing list