[openssl-dev] DRBG entropy

Leon Brits leonb at parsec.co.za
Mon Aug 1 09:17:51 UTC 2016 

Kurt,

> -----Original Message-----
> From: openssl-dev [mailto:openssl-dev-bounces at openssl.org] On Behalf Of
> Kurt Roeckx
> Sent: 30 July 2016 12:19 AM
> To: openssl-dev at openssl.org
> Subject: Re: [openssl-dev] DRBG entropy

> Have you tried running NIST's software
> (https://github.com/usnistgov/SP800-90B_EntropyAssessment)
> yourself?  Can you run it in verbose mode and give the results of all the
> tests it ran?

Yes, this is the test that indicated an entropy of 2b/B. I ran the test on 1M and 4M and the result was 2.19 and 2.35 respectively. The 4MB file test output is appended below.
Now in the OpenSSL UG2.0 section 6.1.1 a paragraph states:
"Now suppose we have a low grade entropy source which provides just 1 bit of entropy per byte. Again assume it is uniform (e.g. we don't get 8 bits of entropy in byte 1 and nothing in the next 7). Again let's have a block size of 16 bytes. This time to get 256 bits of entropy the source must provide it in a 256 byte buffer. An extra block is required which makes 272 bytes but because we only have 1 bit of entropy per byte it just needs to supply 272 bits of entropy."

Am I correct to state that for a tested entropy source of 2b/B and the same assumptions as in the paragraph, I need to return 8 blocks of 16B each in my get_entropy() callback?

Thanks
LJB

******************************************************
Read in file randomness.bin, 4194304 bytes long.
Dataset: 4194304 8-bit symbols, 256 symbols in alphabet.
Output symbol values: min = 0, max = 255

Running entropic statistic estimates:
- Most Common Value Estimate: p(max) = 0.00411016, min-entropy = 7.92659
- Collision Estimate: p(max) = 0.00873199, min-entropy = 6.83947
- Markov Estimate (map 6 bits): p(max) = 9.71537e-228, min-entropy = 5.89156
- Compression Estimate: p(max) = 0.00743246, min-entropy = 7.07194
- t-Tuple Estimate: p(max) = 0.00495551, min-entropy = 7.65675
- LRS Estimate: p(max) = 0.155747, min-entropy = 2.68272

Running predictor estimates:
Computing MultiMCW Prediction Estimate: 99 percent complete
	Pglobal: 0.003997
	Plocal: 0.001358
MultiMCW Prediction Estimate: p(max) = 0.00399729, min-entropy = 7.96676

Computing Lag Prediction Estimate: 99 percent complete
	Pglobal: 0.004009
	Plocal: 0.001358
Lag Prediction Estimate: p(max) = 0.00400879, min-entropy = 7.96262

Computing MultiMMC Prediction Estimate: 99 percent complete
	Pglobal: 0.004934
	Plocal: 0.195448
MultiMMC Prediction Estimate: p(max) = 0.195448, min-entropy = 2.35514

Computing LZ78Y Prediction Estimate: 99 percent complete
	Pglobal: 0.004034
	Plocal: 0.195448
LZ78Y Prediction Estimate: p(max) = 0.195448, min-entropy = 2.35514
-----------------------
min-entropy = 2.35514

More information about the openssl-dev mailing list