Other Directory Sites: SeekWonder | Directory Owners Forum
The following archive was created by hippie-mail 7.98617-22 on Sat Apr 10 1999 - 01:11:01
Dutra de Lacerda (dulac@ip.pt)
Sun, 23 Aug 1998 03:13:44 +0100
At Sunday, you wrote:
>> Notice that the heart of the routine is the idle transformations
>> interrupted by a keypress. Thus the importance of the frequency
>> of the transforms while idle. What is such a frequency in a 686
>> at 200MHz?
>
>even with the generous assumption that there is only one keypress per
>1 second interval, randomly distributed, and a full CPU operation per
>clock cycle, this only leads you to a maximum of ~18 bits of entropy
>per keypress.
Yes, that may be a way to see the problem.
However one must have the notion Entropy does not come in packs.
It is necessary to evaluate the global process, and this is very
tricky when dealing with a chaotic system like this. Because that
is what is happening here:
We have 2 different dimensional sources of entropy:
The least important is the Key Choosed; 27 Char to choose.
The most important is WHEN to press; This is Out of the usual.
Other variables relevant are the total amount of rounds used, the
internal primitive Hash continues to roll, and the number of times
the path is disturbed with each disturbance affecting the final
result. How many paths are there to the internal Hash?!?
If we assume the first idle transform resultant (until the
first key), of 2^10 (a very conservative approach) we must add to
the exponent all other events like 2^4 from the key choosed and
again the next cycle.
For 10 Keys we will get some 2^140 possible paths, more
or less... only dependent from the primitive hash falling in
deterministic situations like data loops. The weak part is the
inner hash running at full speed for millions of iterations.
>you cannot get more entropy, no matter what your algorithm
>is doing, unless it's pulling in another truly random source.
Right... and Wrong!
You are assuming fixed sources for entropy... You forget time
as source. If a cube has 6 faces how many slices have one second?!?
In a computer you have the frequency of usage of a piece of code
in a loop... What is it's entropy ?!? This are NOT common waters.
This is the inner of such a small piece of code.
How many possible values can we obtain?!?
How many paths are possible, knowing that User interference will
change the actual path in ONE of the Millions of cycles.
>your algorithm could be useful as the input to a hash which was then
>used to fill crypto purposes, but it's not safe to use directly.
If I have 2^104 possible results I'm confident i can get a good
2^64 bits password completely Random.
As a proposal to the study of this situation I would propose to
consider the TOTAL number of cycles in the Loop... subtracted by
the minimum delay between keystrokes times the amount of keystrokes.
This value should be close for the amount of possible paths.
Should be added the combinations of the number of keys used.
I expect a value much larger than 2^64 for the final result.
Conclusions:
1-Entropy is hard to get...
...but there's plenty around us in every event.
2-The faces of a dice are NOT the only measure for the entropy in a dice.
3-Time is one of the greatest unused resources.
Best Regards,
Dutra de Lacerda.
P.S.- I'm surprised by the difficulty so many people seem to have
in understanding the simple concept as extracting entropy from time
with an inherently chaotic system. I've used it for more than ten
years with different approaches according with the needs.
- - -
Antonio Manuel Melo de Carvalho Dutra de Lacerda
Morada : Rua Rodrigues Cabrilho, 5 - 5 Esq.
1400 Lisboa, PORTUGAL
Telefone : +351-(1)-3013579
FAX & BBS : +351-(1)-3021098
The following archive was created by hippie-mail 7.98617-22 on Sat Apr 10 1999 - 01:11:01