Randomness in the ciphertext

Un thread al respecto. Esta muy interesante ya que de él, he obtenido (al fin) lo que estaba buscando, una aplicación que haga analisis estadísco de 'ciphertext', FineCrypt. Es interesante otro programa que menciona, Yarrow. Lo usa para generar ficheros con contenido pseudo-aleatorio.
FineCrypt la verdad es que tiene muy buena pinta. Lo malo es que el analisis estadistico se hace dentro del GUI, por lo que no serviría. Necesito un comando. De todas formas si al final acabo desarrollando uno, puede servir para comparar.
La pregunta que lanza el tio (tras una introduccion):

My question is: is randomness of cyphertext a reasonable measure of  actual encryption strength, or is it just another item muddying the

water?

Voy a intentar extraer las parrafadas mas interesantes. Eso si, vete a saber si son afirmaciones ciertas todas.

+ "It is not a reasonable measure..."



+ "For messages that are much longer than the key,  the ciphertext is about as random as

the corresponding plaintext."



+ "> Results are along the lines of "The file content is almost

> certainly not random" or "The file content is almost certainly random."



"The former makes sense but the latter doesn't.  What "randomness" tests

determine is whether the observed data is consistent with the hypothesis

that it is generated by a random source.  It is possible to attribute a

likelihood for deviation from the model, but not for conformance to it."



+ " Beware. I looked at FineCrypt about a year ago and it had many

implementation errors that do not inspire confidence. The "randomness"

tests are pretty basic compared to what is availiable... Check out the NIST

test suite, Diehard, DiehardC FIPS 140."



+ "It is becoming increasingly clear that the best way to test the

programs is with the test vectors."



+ "

The

randomness of the output depends both on the input and the cypher. No

distinction is made by the questioner. He simply took a few outputs and

measured their randomness and found some to be random, according to some

stupid test, and other not. He asked if the output's being random

according to his unknown test,  could

be used to infer something about the strength of the  cypher. The answer is no.



One reason is that the output also depends on the input (the whole point

of the argument) . Another is that

no small key cypher has truely random output with non-random input, since there is a

simply algorithm (the decryption) which will produce the non random

input from the output. However, no stupid randomness test will ever

discover this unless the cypher is very very very weak."



+ "

>The

> randomness of the output depends both on the input and the cypher.



Not with RC4, unless "Input" has now been changed to include the

key."