I wrote: > >the thermodynamics of electrical circuits, costing > >next to nothing. A draft writeup can be found at: > > http://www.monmouth.com/~jsd/turbid/paper/turbid.htm
David Honig responded, starting with a quote from that URL: > > ... "-- We check for common gross failures. We consider it > unnecessary and infeasible to check for uncommon obscure failures." The quoted passage comes from an appendix which is a "parking lot" for half-baked ideas that have NOT been incorporated into the draft paper, because they do not meet my standards of clarity and precision. So it is about as out-of-context as anything could possibly be. The passage that actually describes what I believe can be found in the main part of the paper, http://www.monmouth.com/~jsd/turbid/paper/turbid.htm#sec-measurement (I have just now revised it a bit, so please hit the "reload" button on your browser.) > It isn't that hard to run eg the Diehard suite periodically; that checks > for some fine nuances.. Well, 1) I did run Diehard. Also Mauer's Universal Statistical Test. They didn't turn up anything. I would have been very, very astonished if they had turned up any "nuances". Gross bugs, maybe, but not nuances. Turbid was designed to be "industrial strength" -- not sensitive to nuances. 2) Questions: What sort of nuances would you expect to see? -- If you suspect a weakness in SHA-1, wouldn't it be better to attack SHA-1 directly, using standard cryptanalytic techniques, including chosen inputs, rather than haphazardly probing it with whatever comes off the data-acquisition system? -- If you suspect a problem upstream of SHA-1, why not look there, where the alleged problem is? Why not look with a test that's appropriate to the problem, rather then obscuring the problem with SHA-1 and then applying a non-specific test? 3) There are lots of hardware random number generators out there that seem to be built on the criteria of "Gee, it looks kinda random to me" or "I can't find any pattern in it using the following standard tests". We strongly deprecate all such criteria. Observation and testing can provide an upper bound to the entropy density, not a lower bound. Turbid, in contrast, is designed around a lower bound. The lower bound is calculated from physics principles, not estimated using some statistical test(s). --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
