[openssl-dev] DRBG entropy

[Paul Dale]

I probably should have mentioned this in my earlier message, but the exponential example is valid for the NSIT SP800-90B non-IID tests too: 5.74889 bits per byte of assessed entropy.  Again about as good a result as the tests will ever produce given the ceiling of six on the output.  There is still zero actual entropy in the data.  The tests have massively over estimated.


Pauli
-- 
Oracle
Dr Paul Dale | Cryptographer | Network Security & Encryption 
Phone +61 7 3031 7217
Oracle Australia


-----Original Message-----
From: Kurt Roeckx [mailto:kurt at roeckx.be] 
Sent: Friday, 29 July 2016 8:31 AM
To: openssl-dev at openssl.org
Subject: Re: [openssl-dev] DRBG entropy

On Wed, Jul 27, 2016 at 05:32:49PM -0700, Paul Dale wrote:
> John's spot on the mark here.  Testing gives a maximum entropy not a minimum.  While a maximum is certainly useful, it isn't what you really need to guarantee your seeding.

Fom what I've read, some of the non-IID tests actually underestimate the actual entropy.  Which is of course better the overestimating it, but it's also annoying.

It will also never give a value higher than 6, since one of the tests only uses 6 bits of the input.

> IID is a statistical term meaning independent and identically 
> distributed which in turn means that each sample doesn't depend on any 
> of the other samples (which is clearly incorrect)

You shouldn't run the IID tests when you clearly know it's not an IID.  If fact, if you're not sure it's an IID you should use the non-IID tests.


Kurt

--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev