Re: NIST suite - results for VMPC cipher

From: Benjamin Choi (nospam_at_technosoft21.com)
Date: 11/07/03


Date: 7 Nov 2003 06:19:42 -0800


"Bartosz Zoltak" <QPbzoltak(without "QP")@vmpcfunction.com> wrote in message news:<boc3im$5u0$1@atlantis.news.tpi.pl>...
>
> And I have a general question about randomness-testing after having
> played with the VMPC generator and experiencing that it passes all
> kinds of statistical tests and all kinds of
> distinguishers-from-randomness ideas that I have managed to come up
> with or which other people suggested.
>
> The question is - which is the harder problem - designing good PRNGs
> or breaking them (designing statistical tests which can find biases in
> them)?
Designing statistical tests which can find biases is not equal to
breaking a PRNG. Take note of the Fluhrer-Mantin-Shamir attack on the
RC4 key scheduling algorithm. They didn't break the PRNG in that
attack but they certainly exploited the weak KSA...
And, to the best of my knowledge, passing statistical tests does not
necessarily mean a good PRNG.

> If the latter - there is nothing unusual that a given generator passes
> the tests but I don't know whether this is true - what is your view on
> this from your experience?
>
> [As to cryptography - breaking ciphers is certainly harder than
> designing them, even though designing good ciphers is a bit harder
> probably, as B. Schneier put it - cryptography is easy to do badly but
> very hard to do well (not sure if I quote precisely)]
I agree.

--
Benjamin Choi
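An added example, not part of the thread, illustrating the distinction drawn above: a generator that clears a frequency test can still be a bad PRNG in the cryptographic sense. Python's random module (the Mersenne Twister MT19937, standing in for any generator that passes the statistical suites; not VMPC or RC4) shows no byte bias, yet its entire state, and so every later output, is recovered from 624 consecutive outputs. The chi-square threshold and the seed are assumptions chosen for the demo.

```python
import random
from collections import Counter

# Constructed demonstration (not VMPC or RC4): Python's random module, the
# Mersenne Twister MT19937, passes standard statistical suites yet its whole
# state is recoverable from 624 consecutive outputs, so it must never supply
# keys, nonces or session tokens. CHI2 threshold is the approximate 0.1%
# significance point for 255 degrees of freedom (256 byte values).
CHI2_CRITICAL_255DF = 330.5

def chi_square_bytes(data):
    """Chi-square statistic of the byte-value histogram against uniform."""
    expected = len(data) / 256
    counts = Counter(data)
    return sum((counts.get(b, 0) - expected) ** 2 / expected for b in range(256))

def passes_frequency_test(data):
    """True when the frequency test detects no byte-value bias."""
    return chi_square_bytes(data) < CHI2_CRITICAL_255DF

def untemper(y):
    """Invert MT19937's output tempering to recover one internal state word."""
    y ^= y >> 18                              # undo y ^= y >> 18
    y ^= (y << 15) & 0xEFC60000               # undo y ^= (y << 15) & 0xEFC60000
    x = y
    for _ in range(5):                        # undo y ^= (y << 7) & 0x9D2C5680
        x = y ^ ((x << 7) & 0x9D2C5680)
    y = x
    for _ in range(3):                        # undo y ^= y >> 11
        x = y ^ (x >> 11)
    return x & 0xFFFFFFFF

def predict_next(observed):
    """Rebuild the state from 624 consecutive 32-bit outputs; return the next one."""
    if len(observed) != 624:
        raise ValueError("MT19937 state recovery needs exactly 624 outputs")
    words = tuple(untemper(v) for v in observed)
    clone = random.Random()
    clone.setstate((3, words + (624,), None))  # index 624: twist before next output
    return clone.getrandbits(32)

def demo(seed=20031107):
    """Returns (frequency test passed, next output predicted correctly)."""
    rng = random.Random(seed)
    sample = bytes(rng.getrandbits(8) for _ in range(32768))
    passed = passes_frequency_test(sample)
    rng = random.Random(seed)
    observed = [rng.getrandbits(32) for _ in range(624)]
    return passed, predict_next(observed) == rng.getrandbits(32)
```

The same frequency test gives a perfectly flat histogram a statistic of zero, which is why a test that only looks for bias says nothing about predictability.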
