Sunday, April 5, 2020

Does SecureRandom reduce entropy of pseudo-random data?

I was wondering about random (or pseudo random) sequence generation in Docker containers, but came across another interesting behavior.

Reading 8000000 bytes directly from /dev/urandom and testing the result with ENT gives the following:

Entropy = 7.999976 bits per byte.

Optimum compression would reduce the size
of this 8000000 byte file by 0 percent.

Chi square distribution for 8000000 samples is 262.08, and randomly
would exceed this value 36.69 percent of the times.

Arithmetic mean value of data bytes is 127.5337 (127.5 = random).
Monte Carlo value for Pi is 3.139911785 (error 0.05 percent).
Serial correlation coefficient is -0.000101 (totally uncorrelated = 0.0).

But when generating 1000000 DES keys, ENT gives the following output:

Entropy = 6.999990 bits per byte.

Optimum compression would reduce the size
of this 8000000 byte file by 12 percent.

Chi square distribution for 8000000 samples is 8000217.63, and randomly
would exceed this value less than 0.01 percent of the times.

Arithmetic mean value of data bytes is 127.4870 (127.5 = random).
Monte Carlo value for Pi is 3.145497786 (error 0.12 percent).
Serial correlation coefficient is 0.000033 (totally uncorrelated = 0.0).

Code used to generate 1000000 keys:

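import java.util.stream.IntStream;
import javax.crypto.KeyGenerator;
// Write 1,000,000 raw 8-byte DES keys to stdout so they can be piped into ENT.
KeyGenerator des = KeyGenerator.getInstance("DES");
IntStream.range(0, 1_000_000).forEach(j -> {
    byte[] key = des.generateKey().getEncoded();
    // write(byte[], int, int) declares no IOException, so it compiles inside the lambda.
    System.out.write(key, 0, key.length);
});
System.out.flush();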

The entropy is lower, and the chi-square distribution shows that the distribution is not random anymore.

So I am wondering if the SecureRandom implementation of Java just reduces entropy, and whether reading values directly from urandom might be a better choice.
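An added example, not part of the original post: a DES key carries 56 key bits plus one odd-parity bit per byte, and the JDK's DES key generator sets those parity bits, so each key byte can take only 128 of the 256 possible values. The program below compares raw SecureRandom output with generated DES key bytes on the measurements that matter here: Shannon entropy, number of distinct byte values, and per-byte parity. The class name, helper names and the sample size of 100,000 keys are choices made for this example, and it assumes the JDK's default DES KeyGenerator provider.

```java
import java.security.SecureRandom;
import javax.crypto.KeyGenerator;

public class DesParityCheck {
    // Shannon entropy in bits per byte, the first figure ENT reports.
    static double entropy(byte[] data) {
        long[] counts = new long[256];
        for (byte b : data) counts[b & 0xff]++;
        double h = 0.0;
        for (long c : counts) {
            if (c == 0) continue;
            double p = (double) c / data.length;
            h -= p * Math.log(p) / Math.log(2);
        }
        return h;
    }

    // Number of distinct byte values that occur in the sample.
    static int distinct(byte[] data) {
        boolean[] seen = new boolean[256];
        int n = 0;
        for (byte b : data) if (!seen[b & 0xff]) { seen[b & 0xff] = true; n++; }
        return n;
    }

    // True when every byte has an odd number of set bits (DES odd parity).
    static boolean allOddParity(byte[] data) {
        for (byte b : data) if ((Integer.bitCount(b & 0xff) & 1) == 0) return false;
        return true;
    }

    public static void main(String[] args) throws Exception {
        int keys = 100_000;                    // sample size chosen for this example
        byte[] raw = new byte[keys * 8];
        new SecureRandom().nextBytes(raw);     // SecureRandom output, untouched

        KeyGenerator des = KeyGenerator.getInstance("DES");
        byte[] keyBytes = new byte[keys * 8];
        for (int i = 0; i < keys; i++) {
            System.arraycopy(des.generateKey().getEncoded(), 0, keyBytes, i * 8, 8);
        }

        System.out.printf("SecureRandom: %.6f bits/byte, %d distinct values, all odd parity: %b%n",
                entropy(raw), distinct(raw), allOddParity(raw));
        System.out.printf("DES keys:     %.6f bits/byte, %d distinct values, all odd parity: %b%n",
                entropy(keyBytes), distinct(keyBytes), allOddParity(keyBytes));
    }
}
```

Masking off the low bit of every key byte before running ENT removes the parity structure and leaves only the 56 key bits that SecureRandom supplied.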



