[openssl-dev] DRBG entropy

Kurt Roeckx kurt at roeckx.be
Fri Jul 29 21:51:02 UTC 2016


On Thu, Jul 28, 2016 at 03:40:38PM -0700, Paul Dale wrote:
> I probably should have mentioned this in my earlier message, but the exponential example is valid for the NSIT SP800-90B non-IID tests too: 5.74889 bits per byte of assessed entropy.  Again about as good a result as the tests will ever produce given the ceiling of six on the output.  There is still zero actual entropy in the data.  The tests have massively over estimated.

Tests are never perfect.  There are various things you can do that
will result in a higher entropy estimate than what the data
really has.  You should really know what you're testing and input
something from a real noise source.

Some examples of things that will probably give a very high score:
- Any complex sequence of numbers, including things like pi, e,
  the output of a PRNG, ...
- Add 1 bit of entropy (or even less) into a hash function for
  every byte that you pull out of it.

I think it's important to have a model of your noise source and
check that the noise you get actually matches that model.  This
model should also include the expected entropy you get out of your
noise source.


Kurt
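An added illustration of the point made above (example code written for this page, not code from the mailing-list thread or from OpenSSL): two simple per-byte estimators of the kind a test suite uses, a plug-in Shannon estimate and the "most common value" min-entropy estimate, are run over data that has zero actual entropy because it is fully determined by a fixed seed. Both the seeded PRNG output and the hash-stretched output score close to the 8-bit ceiling, while the only thing the estimators reliably catch is the constant stream. The `compare_to_model` check is the practical takeaway: hold the test result against the entropy rate your noise-source model predicts, and treat an estimate far above the model as a sign that the test is being fooled rather than that the source is better than expected. The seed values, sample sizes and the 2-bits-per-byte tolerance are constructed assumptions for this example.

```python
"""Added example, not from the openssl-dev post: statistical entropy
estimators are easily fooled by deterministic data."""
import hashlib
import math
import random
from collections import Counter


def shannon_bits_per_byte(data: bytes) -> float:
    """Plug-in Shannon entropy estimate from the byte histogram."""
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def min_entropy_bits_per_byte(data: bytes) -> float:
    """Most-common-value min-entropy estimate: -log2(p_max)."""
    n = len(data)
    p_max = max(Counter(data).values()) / n
    return -math.log2(p_max)


def seeded_prng_output(n: int, seed: int = 0) -> bytes:
    """Constructed 'noise source': a PRNG with a fixed seed.
    The output is completely determined, so its real entropy is zero."""
    rng = random.Random(seed)
    return bytes(rng.getrandbits(8) for _ in range(n))


def hash_stretched_output(n: int, seed: bytes = b"constructed-seed") -> bytes:
    """Constructed 'noise source': one byte out per SHA-256 call, chained
    from a fixed seed.  Again zero real entropy, but it looks uniform."""
    out = bytearray()
    state = seed
    while len(out) < n:
        state = hashlib.sha256(state).digest()
        out.append(state[0])
    return bytes(out)


def constant_output(n: int) -> bytes:
    """The one degenerate case the estimators do catch."""
    return b"\x41" * n


def assess(data: bytes) -> dict:
    """Run both estimators and report bits of assessed entropy per byte."""
    return {
        "shannon": shannon_bits_per_byte(data),
        "min_entropy": min_entropy_bits_per_byte(data),
    }


def compare_to_model(estimate: float, modeled_bits_per_byte: float,
                     tolerance: float = 2.0) -> bool:
    """Return True when the measured estimate is plausible under the model.

    An estimate far above what the noise-source model predicts means the
    test is overestimating (deterministic or already-conditioned input),
    not that the source has more entropy than modeled.  The tolerance is
    an assumed value for this example."""
    return estimate <= modeled_bits_per_byte + tolerance


if __name__ == "__main__":
    for name, sample in [("seeded PRNG", seeded_prng_output(65536)),
                         ("hash stretched", hash_stretched_output(65536)),
                         ("constant", constant_output(65536))]:
        result = assess(sample)
        print(f"{name:15s} shannon={result['shannon']:.3f} "
              f"min-entropy={result['min_entropy']:.3f} "
              f"plausible for a 0-bit model? "
              f"{compare_to_model(result['shannon'], 0.0)}")
```

Running the script prints assessed entropy near 8 bits per byte for the two deterministic sources and 0 for the constant one; only the model comparison flags the first two as suspicious.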


