[907] in WWW Security List Archive
Re: Netscape's purported RNG
daemon@ATHENA.MIT.EDU (Jeffrey I. Schiller)
Fri Sep 22 12:29:35 1995
Date: Fri, 22 Sep 1995 09:39:19 -0400
To: Don Stinchfield <des@ebt.com>
From: jis@mit.edu (Jeffrey I. Schiller)
Cc: www-security@ns2.rutgers.edu
Errors-To: owner-www-security@ns2.rutgers.edu
At 8:35 9/21/95, Don Stinchfield wrote:
>Instead of discussing internal mechanisms for providing high quality
>products I think we should be discussing external mechanisms
>for proving the security claims of a product. I'm not sure how difficult
>this may be but a set of conformance tests could be created (?) that can
>be used to verify that a product has achieved its desired security level.
>Otherwise, beyond a company's claim that its products provide security,
>there is no way for a user to verify a product's security capabilities.
>But, if a product has passed the www-security conformance test suite then
>the user is assured that at least some level of security has been verified.
Turns out you cannot do this for security, or more specifically for testing
cryptographic algorithms and for analyzing random number generators.
A random number generator can generate output that passes any and all
statistical tests for randomness, but is still completely predictable to
someone who knows how it works internally. The only solution is to have the
code both examined and tested by experts in the field. There are few such
experts in this field.
-Jeff
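
An added illustration of the point made in the message above (not part of the original post, and not code from Netscape or any product): a hypothetical toy generator whose output passes two black-box statistical checks, yet whose future output is fully determined once a reviewer knows the construction. The generator design, the 16-bit seed size, the thresholds and the sample seed are all assumptions made for this example.

```python
import hashlib
import math
from collections import Counter

SEED_BITS = 16  # assumption: deliberately tiny seed space so the demo runs quickly

def toy_block(seed: int, index: int) -> bytes:
    """Hypothetical generator: block i is SHA-256(seed || i)."""
    return hashlib.sha256(seed.to_bytes(4, "big") + index.to_bytes(8, "big")).digest()

def toy_stream(seed: int, nblocks: int) -> bytes:
    """Concatenate the first nblocks 32-byte output blocks."""
    return b"".join(toy_block(seed, i) for i in range(nblocks))

def looks_random(data: bytes) -> bool:
    """Two black-box checks: bit balance (monobit) and byte-frequency chi-square."""
    nbits = 8 * len(data)
    ones = sum(bin(b).count("1") for b in data)
    z = (2 * ones - nbits) / math.sqrt(nbits)  # ~N(0,1) for unbiased bits
    counts = Counter(data)
    expected = len(data) / 256
    chi2 = sum((counts.get(v, 0) - expected) ** 2 / expected for v in range(256))
    # Generous bounds (assumed for this demo): chi2 has mean 255 for uniform bytes.
    return abs(z) < 4.5 and 150 < chi2 < 400

def recover_seed(first_block: bytes):
    """What code review reveals: the entire state is one small seed, so one
    observed block is enough to identify it by enumeration."""
    for seed in range(1 << SEED_BITS):
        if toy_block(seed, 0) == first_block:
            return seed
    return None

def demo():
    secret_seed = 0xBEEF  # constructed sample value
    stream = toy_stream(secret_seed, 2048)  # 64 KiB of output
    found = recover_seed(stream[:32])
    # A block that has not been emitted yet is already known to the observer.
    predicted_ok = toy_block(found, 2048) == toy_block(secret_seed, 2048)
    return looks_random(stream), found, predicted_ok

if __name__ == "__main__":
    print(demo())
```

The statistical checks only see the output distribution; the weakness is in how little entropy feeds the generator, which only inspection of the code exposes.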