"Tom McCallum" <te********@hotmail.com> wrote in message
news:op**************@news.blueyonder.co.uk...
> Thanks for your reply, in answer to your question the NIST suite uses the
> following tests:
> ....
> I am not sure if these cover 'attractors and bits of randomness' but as
> far as I can tell they seem to be a reasonable collection.

If the rand() implementation you are using passes the NIST tests,
it is likely to be reasonably good for many casual applications.
But the scope of these tests is quite limited (and on another platform,
rand() may not perform as well).

I really think that you should read the TCP/IP spoofing article I sent a
link to, or even better, the original article it refers to:
http://minilien.com/?LtytjTcByE (.pdf, describes the approach in detail)

To summarize things: the plots are basically the position of points whose
coordinates are generated from consecutive values obtained from a "random"
source. A truly random source would generate a uniform cloud of points. When
points tend to concentrate in some areas ("attractors"), it is obvious that
the data source is not as random as it would seem: the attractors allow you
to make a guess of the next value if the previous sequence is similar to a
previously encountered one. For a given analysis technique applied to a
source stream of data, the actual bits of randomness are defined by your
probability of making a correct guess.

Going back to your original question and rand() itself, let's see how easy
it would be to predict the output of rand():

First of all, unless you call srand(), you will notice that the sequence of
values returned by rand() is always the same -- and this is a requirement of
the ISO C/C++ standard.

If you do call srand() with a given value, the resulting sequence is
required to always be the same. So the set of possible sequences is limited
to the set of values your program may pass to srand().

Now let's assume you are actually calling srand() with a truly random 32-bit
value:
On a cheap hard disk, with access to your library implementation, it might
take me less than an hour to store a look-up table that matches all the
initial value(s) returned by rand() to a seed value passed to srand().
Given the first value(s) returned by rand(), I could then instantly compute
the seed and generate/predict the rest of the random sequence.

So would you rely on rand() to implement any security-sensitive application?

Cheers, Ivan
--
http://ivan.vecerina.com/contact/?subject=NG_POST <- e-mail contact form
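
An added illustration of the predictability argument in the post above (not code from the thread): it assumes the sample rand() printed in the ISO C standard with 32-bit state, and the names `my_srand`, `my_rand`, `step` and `recover_state` are introduced here. Instead of the seed look-up table the post describes, it goes one step further and searches only the 16 state bits that the first observed value hides, which is why rand() output must not be used for tokens, keys or sequence numbers.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumption: the sample rand() printed in the ISO C standard, with 32-bit
   state. Real library implementations differ. */
static uint32_t state = 1;
static void my_srand(uint32_t seed) { state = seed; }

/* Advance a state one step and return the 15-bit value rand() would hand out. */
static int step(uint32_t *s) {
    *s = *s * 1103515245u + 12345u;
    return (int)((*s >> 16) & 0x7fff);
}
static int my_rand(void) { return step(&state); }

/* From n consecutive observed outputs, rebuild the generator state as it is
   after the n-th output. out[0] reveals state bits 16..30 and bit 31 never
   influences any output, so only the low 16 bits have to be searched.
   Returns the number of consistent candidates; the last one goes to *found. */
static int recover_state(const int *out, int n, uint32_t *found) {
    int matches = 0;
    for (uint32_t low = 0; low < 0x10000u; low++) {
        uint32_t s = ((uint32_t)out[0] << 16) | low;
        int ok = 1;
        for (int i = 1; i < n && ok; i++)
            ok = (step(&s) == out[i]);
        if (ok) { *found = s; matches++; }
    }
    return matches;
}

int main(void) {
    int seen[5];
    uint32_t s = 0;
    my_srand(0xC0FFEE42u);               /* constructed seed, unknown to the observer */
    for (int i = 0; i < 5; i++) seen[i] = my_rand();
    printf("candidates: %d\n", recover_state(seen, 5, &s));
    for (int i = 0; i < 5; i++)          /* predicted vs. actual next values */
        printf("%d %d\n", step(&s), my_rand());
    return 0;
}
```
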