Opened 9 years ago

Last modified 4 years ago

#668 new enhancement

Add formal randomness checking to unit tests of classes using random-number generators

Reported by: stephen Owned by:
Priority: low Milestone: Outstanding Tasks
Component: crypto Version: git
Keywords: Cc:
CVSS Scoring: Parent Tickets:
Sensitive: no Defect Severity: Medium
Sub-Project: Core Feature Depending on Ticket:
Estimated Difficulty: 0.0 Add Hours to Ticket: 0
Total Hours: 0 Internal?: no

Description

We are currently using the Boost random number generators in classes where random numbers are required (e.g. QID generation). Although these should be random, we currently do not do formal testing of the randomness of generated values in our unit tests. This runs the risk of not noticing a loss of randomness if the implementation of such classes is changed.

It is proposed that we formally check such cases using the NIST random number test suite http://csrc.nist.gov/groups/ST/toolkit/rng/index.html

Subtickets

Change History (3)

comment:1 Changed 5 years ago by tomek

  • Milestone set to Remaining BIND10 tickets

comment:2 Changed 5 years ago by tomek

  • Component changed from Unclassified to crypto
  • Defect Severity set to Medium
  • Milestone changed from Remaining BIND10 tickets to DHCP Outstanding Tasks
  • Sub-Project set to Core
  • Version set to git

I think the PRNG should be provided by crypto libs. They go through their own thorough testing regime.

comment:3 Changed 4 years ago by tomek

  • Milestone changed from DHCP Outstanding Tasks to Outstanding Tasks

Milestone renamed

Note: See TracTickets for help on using tickets.