Testing Techniques to Find the Sin

While statistical tests can be applied to random numbers and work in some cases, it's usually not very feasible to apply these techniques in an automated way during quality assurance, because the output of a random number generator often can't be observed directly and has to be measured indirectly.

The most common set of tests are the Federal Information Processing Standard (FIPS) 140-1 random number generator (RNG) validation tests. One of the tests (the continuous test, which fails the generator if two consecutive output blocks are identical) operates in an ongoing manner, and the rest (the monobit, poker, runs, and long run tests, all run over a single 20,000-bit sample) are supposed to be run at generator start-up. It's usually much easier to code these right into the RNG than to apply them in any other manner.

Note 

Tests like FIPS are totally worthless on data that has come out of a CRNG (or any decent PRNG). They are only useful for testing true random numbers, that is, the raw entropy source. Data coming out of a properly designed CRNG will pass all statistical tests with extremely high probability even if the numbers are 100 percent predictable, because these tests measure the distribution of the output, not whether an attacker can guess the seed or internal state.

For individual instances where you want to check and see if randomness is used where it should be, you can generally get a hint just by observing a few consecutive values. If they're spread reasonably evenly across a large space (64 bits or more), then there's probably nothing to worry about. Otherwise, you should look at the implementation. Certainly, if the values are sequential (each one a small fixed step from the last), there's a sure problem.
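The following is an added example, not code from the book: a Python implementation of the FIPS 140-1 power-up tests (monobit, poker, runs, long run) and the continuous test described above, run over two constructed samples. The first sample comes from Python's Mersenne Twister seeded with the constant 0, so it is 100 percent predictable yet passes every statistical test, which is the point of the note. The second is a plain 32-bit counter, the "sequential values" case, which fails the monobit and long run tests immediately. The threshold values are those published in FIPS 140-1; the sample generators and function names are my own.

```python
"""FIPS 140-1 RNG power-up tests plus the continuous test (added example)."""
import random

SAMPLE_BITS = 20000          # FIPS 140-1 power-up tests use one 20,000-bit sample
SAMPLE_BYTES = SAMPLE_BITS // 8

# Required interval for the number of runs of each length, per bit value (FIPS 140-1).
# The last entry covers all runs of length 6 or more.
RUN_INTERVALS = {1: (2267, 2733), 2: (1079, 1421), 3: (502, 748),
                 4: (223, 402), 5: (90, 223), 6: (90, 223)}


def bits_from_bytes(data):
    """Expand a byte string into a list of bits, most significant bit first."""
    return [(b >> (7 - i)) & 1 for b in data for i in range(8)]


def run_lengths(bits):
    """Return [(bit_value, run_length), ...] for every maximal run in the sample."""
    runs, cur, length = [], bits[0], 1
    for b in bits[1:]:
        if b == cur:
            length += 1
        else:
            runs.append((cur, length))
            cur, length = b, 1
    runs.append((cur, length))
    return runs


def monobit_test(bits):
    """Pass if the number of ones X satisfies 9654 < X < 10346."""
    return 9654 < sum(bits) < 10346


def poker_test(bits):
    """Split into 5000 4-bit values; pass if 1.03 < X < 57.4."""
    counts = [0] * 16
    for i in range(0, SAMPLE_BITS, 4):
        counts[(bits[i] << 3) | (bits[i + 1] << 2) | (bits[i + 2] << 1) | bits[i + 3]] += 1
    x = (16 / 5000) * sum(c * c for c in counts) - 5000
    return 1.03 < x < 57.4


def runs_test(bits):
    """Pass if, for both 0s and 1s, every run-length count lies in RUN_INTERVALS."""
    runs = run_lengths(bits)
    for value in (0, 1):
        for length, (lo, hi) in RUN_INTERVALS.items():
            if length < 6:
                n = sum(1 for v, l in runs if v == value and l == length)
            else:
                n = sum(1 for v, l in runs if v == value and l >= 6)
            if not lo <= n <= hi:
                return False
    return True


def long_run_test(bits):
    """Pass if no run (of either value) is 34 bits or longer."""
    return max(l for _, l in run_lengths(bits)) < 34


def fips_140_1_power_up(data):
    """Run all four power-up tests on exactly 2500 bytes; return per-test results."""
    if len(data) != SAMPLE_BYTES:
        raise ValueError("FIPS 140-1 power-up tests need exactly %d bytes" % SAMPLE_BYTES)
    bits = bits_from_bytes(data)
    return {"monobit": monobit_test(bits), "poker": poker_test(bits),
            "runs": runs_test(bits), "long_run": long_run_test(bits)}


def continuous_test(blocks):
    """FIPS 140-1 continuous test: every new output block must differ from the previous one.
    Return False as soon as two consecutive blocks are identical."""
    prev = None
    for blk in blocks:
        if prev is not None and blk == prev:
            return False
        prev = blk
    return True


def seeded_prng_sample():
    """Constructed sample: Mersenne Twister with a fixed seed. Fully predictable, yet it
    passes the statistical tests, which only look at the distribution of the output."""
    return random.Random(0).getrandbits(SAMPLE_BITS).to_bytes(SAMPLE_BYTES, "big")


def counter_sample():
    """Constructed sample: 625 consecutive 32-bit big-endian integers, the 'sequential
    values' case. Mostly zero bits and long zero runs, so it fails at once."""
    return b"".join(i.to_bytes(4, "big") for i in range(SAMPLE_BYTES // 4))


if __name__ == "__main__":
    for name, sample in (("seeded PRNG", seeded_prng_sample()), ("counter", counter_sample())):
        print(name, fips_140_1_power_up(sample))
    print("continuous test, repeated block:", continuous_test([b"\x00" * 8, b"\x00" * 8]))
```

Note that the seeded Mersenne Twister reports a pass on every test even though anyone who knows the seed can reproduce the whole stream. That is exactly why these tests belong on the entropy source feeding a CRNG, not on the CRNG's output.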



19 Deadly Sins of Software Security: Programming Flaws and How to Fix Them
Writing Secure Code
ISBN: 71626751
Year: 2003
Pages: 239
