It’s been a busy Sunday, putting some embedded QA time towards our product’s inline entropy validation. Right now we have four statistical tests that constantly comb over each produced bit of randomness looking for suspicious patterns (i.e., patterns) from our generators. We chose each test not just to provide general warm fuzzies that our noise does in fact sound like noise, but because each targets its own type of data peculiarity - one test spots the characteristic repetition of weak generators like LCG, another roots out distributions of N-bit words that are too skewed or not skewed enough. Each test's result can be expressed as a single p-value, and all of them are of course readily available to the user in pretty graphs like this:
Most modern cryptosystems depend on high-quality randomness, and this is truer of One Time Pad than of any other. The other guys might get away with seeding a software pseudorandom generator with a few environment-provided bytes, but we’re not generating hundreds of bits, we’re generating hundreds of billions. Total confidentiality demands it. And that’s what these tests are for - they provide some real-time assurances that our RNGs are doing what they ought to be: producing streams of independent, unguessable bits.
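The two-sided reading of a p-value mentioned above (N-bit words that are too skewed or not skewed enough), as an added example that is not Prolaag's code: a chi-square test on 8-bit word frequencies that rejects on either tail. The threshold `ALPHA`, the function names and the three sample inputs are assumptions constructed for illustration, and the p-value uses the Wilson-Hilferty normal approximation.

```python
import hashlib
import math
from collections import Counter

ALPHA = 0.001  # assumed rejection threshold for each tail, chosen for illustration


def chi_square_p(data: bytes) -> float:
    """Upper-tail p-value of a chi-square test on 8-bit word frequencies."""
    if len(data) < 256 * 5:
        raise ValueError("need >= 1280 bytes so each value is expected >= 5 times")
    expected = len(data) / 256
    counts = Counter(data)
    chi2 = sum((counts[v] - expected) ** 2 / expected for v in range(256))
    # Wilson-Hilferty: (chi2/k)^(1/3) is approximately normal for k degrees of freedom.
    k = 255
    spread = 2 / (9 * k)
    z = ((chi2 / k) ** (1 / 3) - (1 - spread)) / math.sqrt(spread)
    return 0.5 * math.erfc(z / math.sqrt(2))


def verdict(data: bytes, alpha: float = ALPHA) -> str:
    """Reject on either tail: p near 0 is too skewed, p near 1 is too even."""
    p = chi_square_p(data)
    if p < alpha:
        return "too skewed"
    if p > 1 - alpha:
        return "not skewed enough"
    return "plausible"


def sha256_stream(n: int) -> bytes:
    """Constructed stand-in for a healthy generator: SHA-256 over a counter."""
    blocks = (hashlib.sha256(i.to_bytes(8, "big")).digest() for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]


# Constructed samples, 16384 bytes each.
SAMPLES = {
    "repeating counter": bytes(range(256)) * 64,
    "half zeros": bytes(range(256)) * 32 + bytes(8192),
    "sha256 stream": sha256_stream(16384),
}

if __name__ == "__main__":
    for name, data in SAMPLES.items():
        print(f"{name:18s} p={chi_square_p(data):.4f} -> {verdict(data)}")
```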
In a very real way, though, we’re the last people who ought to be trusted with providing these assurances. Should you rely on our self-validation? Of course not. So we built some mechanisms into our product to make independent verification easy. Here’s how to subject our box to an external randomness test suite (in this case, dieharder) in three easy steps:
1. Get dieharder
# sudo apt-get install dieharder
2. Access the raw output of our generators. We provide access to hardware entropy on TCP port 780, and access to our environmental software generator on TCP port 781. Netcat works great. Grab a screenful (where 1.9.8.4 is your red-side IP address):
# nc 1.9.8.4 780 | dd bs=1K count=1 | od -h
3. If that works, start hammering. Just remember that the fine folks at Duke’s physics department have built a pretty comprehensive test suite, so grab a drink, a good book, and get a good night’s sleep. It should be done by the time you get home from work the next day.
# nc 1.9.8.4 780 | dieharder -g 200 -a
Here are the results of my run against the software system:
I’m proud to work on a team that doesn’t hand-wave. I can’t tell you how many security products I’ve used that make no mention - even in the fine print - of how they derive their randomness. None of us here at Prolaag would ever do that. We’ll put our raw data out there, front and center, for anyone who wants to double-check us.