Please create an account to participate in the Slashdot moderation system


Forgot your password?

Comment Re:unless the NIST evaluation tools are broken... (Score 1) 362

Are you talking about SP800-22 when you talk about 'NIST tools'?

SP800-22 is a bad spec. The Lempel Ziv test is randomness is actually broken. But we have better tools than SP800-22. TestU01, Dieharder, etc.

If you want to check for an undermined RNG you need to look for correlation between outputs across multiple devices.

Comment FIAF. (Score 4, Interesting) 212

This is a FIAF thing..

It's not that they're better at extracting nutrients, it's that they influence the body to expend more or less enery. The nutrient extraction is a side effect.

I do wish researchers would read the relevant literature before jumping to conclusions.

Comment Re:and the nsa the existing one is fine (Score 1) 32

>NIST isn't all bad

But it is fairly bad. The numerous 'frameworks' and 'guidelines' lack specificity and a clear certification path, while the many crypto specs are overburdened with buckets of specificity that makes certification onerous.

Part of the problem is that the NIST specs are not created with anything like a normal standards process where there are competing interests watching out for stupid stuff and jumping on it. That's how we ended up with nightmares like the key derivation spec or the inappropriate online tests in SP800-90B or the fixed block size on AES. Anything contributed from the outside had to play be predetermined rules that did not improve the specs.

Slashdot Top Deals

Life would be so much easier if we could just look at the source code. -- Dave Olson