Re: Analysis of /dev/random


Ge' Weijers (ge@Progressive-Systems.Com)
Mon, 12 Apr 1999 10:22:00 -0400


On Fri, Apr 09, 1999 at 11:11:18AM -0700, David Honig wrote:
> >It's easy to fool MUST.
> >
> >Ge'
>
> I agree with everything except the last. MUST is a function.
> My use of it as a measure of entropy is valid.
>

MUST assumes that you're working with a binary memoryless ergodic
source (this is from memory, so I might be wrong). Anything with more
memory (i.e. state) than the maximum assumed by your MUST tool will
'fool' it. Your measure is only valid if you know somehow that the
assumption is valid.

There's never any more _real_ entropy in a pseudo-random number
generator than the amount of seed/key entropy you put in it. My
TEA-based PRNG has a 256-bit key (the counter always starts at 0), so
whatever I do I can't get more than 256 bits of entropy out of it.

> Which is why, again, if you can tell a block-cipher-based-PRNG from a TRNG
> without either the key or taking them apart, let us know.

I'll claim my Fields Medal first, I think :-)

Ge'

-- 
-
Ge' Weijers                                Voice: (614)326 4600
Progressive Systems, Inc.                    FAX: (614)326 4601
2000 West Henderson Rd. Suite 400, Columbus OH 43220
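
Added example, not part of the original message or the poster's code: a statistical test scoring a counter-mode generator as random even though its seed holds only 16 bits. It assumes MUST means Maurer's universal statistical test (8-bit blocks), uses SHA-256 in counter mode as a stand-in for the TEA-based PRNG, and the seed value is constructed.

```python
import hashlib
import math

L_BITS, Q, K = 8, 2560, 256000      # Maurer parameters: block size, init blocks, test blocks
EXPECTED = 7.1836656                # expected statistic for L=8 on ideal random bits

def prng(seed: bytes, nbytes: int) -> bytes:
    """Counter-mode generator: SHA-256(seed || counter), counter starting at 0."""
    out = bytearray()
    counter = 0
    while len(out) < nbytes:
        out += hashlib.sha256(seed + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:nbytes])

def maurer_statistic(data: bytes) -> float:
    """Maurer's universal statistic with 8-bit blocks (one byte per block)."""
    assert len(data) >= Q + K
    last_seen = [0] * 256                    # 1-based index of last occurrence, 0 = never
    for i in range(Q):                       # initialization segment
        last_seen[data[i]] = i + 1
    total = 0.0
    for i in range(Q, Q + K):                # test segment: log2 of distance to last occurrence
        total += math.log2(i + 1 - last_seen[data[i]])
        last_seen[data[i]] = i + 1
    return total / K

def recover_seed(prefix: bytes):
    """Search the whole 16-bit seed space for the seed that produced prefix."""
    for s in range(1 << 16):
        seed = s.to_bytes(2, "big")
        if prng(seed, len(prefix)) == prefix:
            return seed
    return None

if __name__ == "__main__":
    seed = bytes.fromhex("be7a")             # constructed sample seed: only 16 bits
    stream = prng(seed, Q + K)
    print("statistic:", maurer_statistic(stream), "expected:", EXPECTED)
    print("seed recovered from 8 output bytes:", recover_seed(stream[:8]).hex())
```

The statistic lands next to the ideal value, yet eight output bytes are enough to recover the seed and with it the entire stream.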



The following archive was created by hippie-mail 7.98617-22 on Thu May 27 1999 - 23:44:22