[openssl-project] Entropy seeding the DRBG

Richard Levitte levitte at openssl.org
Mon Apr 30 16:00:20 UTC 2018


In message <20180430.164908.1424770216194967097.levitte at openssl.org> on Mon, 30 Apr 2018 16:49:08 +0200 (CEST), Richard Levitte <levitte at openssl.org> said:

levitte> In message <20180430.152609.587396153749337701.levitte at openssl.org> on Mon, 30 Apr 2018 15:26:09 +0200 (CEST), Richard Levitte <levitte at openssl.org> said:
levitte> 
levitte> levitte> In message <20180430131000.GA25216 at roeckx.be> on Mon, 30 Apr 2018 15:10:01 +0200, Kurt Roeckx <kurt at roeckx.be> said:
levitte> levitte> 
levitte> levitte> kurt> The comment about not hashing it is if you want to use the tool to
levitte> levitte> kurt> do entropy estimation. Hashing it will not increase the entropy,
levitte> levitte> kurt> but the estimation will be totally wrong.
levitte> levitte> kurt> 
levitte> levitte> kurt> Passing the hashed data to the drbg as entropy input is fine if
levitte> levitte> kurt> you already know how much entropy that it contains.
levitte> levitte> 
levitte> levitte> Thanks, that's what I suspected.  Ok, on to the next step
levitte> 
levitte> Not done running, but does show some promise...
levitte> 
levitte>     : ; ./a.out ../../../levitte/vms-experiments/entropy-gathering/entropy-stats.bin  8 -v
levitte>     Opening file: ../../../levitte/vms-experiments/entropy-gathering/entropy-stats.bin
levitte>     
levitte>     Running non-IID tests...
levitte>     
levitte>     Entropic statistic estimates:
levitte>     Most Common Value Estimate = 0.975224
levitte>     Collision Test Estimate = 0.902997
levitte>     Markov Test Estimate = 0.410808
levitte>     Compression Test Estimate = 0.811274
levitte> 
levitte> I assume that estimate is per "word" (i.e. per 8 bits of data in this
levitte> case).

Ok, done running...  suffice to say, the first tests left me ever so
hopeful...

    : ; ./a.out ../../../levitte/vms-experiments/entropy-gathering/entropy-stats.bin  8 -v
    Opening file: ../../../levitte/vms-experiments/entropy-gathering/entropy-stats.bin
    
    Running non-IID tests...
    
    Entropic statistic estimates:
    Most Common Value Estimate = 0.975224
    Collision Test Estimate = 0.902997
    Markov Test Estimate = 0.410808
    Compression Test Estimate = 0.811274
    t-Tuple Test Estimate = 0.0818796
    Longest Reapeated Substring Test Estimate = 0.0818772
    
    Predictor estimates:
    Multi Most Common in Window (MultiMCW) Test: 100% complete
    	Correct: 507351
    	P_avg (global): 0.508671
    	P_run (local): 0.587891
    Multi Most Common in Window (Multi MCW) Test = 0.76638
    Lag Test: 100% complete
    	Correct: 269907
    	P_avg (global): 0.271051
    	P_run (local): 0.347168
    Lag Prediction Test = 1.52629
    MultiMMC Test: 100% complete
    	Correct: 11700
    	P_avg (global): 0.011977
    	P_run (local): 0.444824
    Multi Markov Model with Counting (MultiMMC) Prediction Test = 1.16869
    LZ78Y Test: 99% complete
    	Correct: 572107
    	P_avg (global): 0.573391
    	P_run (local): 0.615723
    LZ78Y Prediction Test = 0.699647
    Min Entropy: 0.0818772

So I'd like to have it confirmed that I'm reading this right, that's
about 0.08 entropy bits per 8 data bits?  Or is it per data bit?
Depending on the interpretation, we either have 1 bit of entropy per
12 data bits...  or per 100 data bits...  The latter has my heart
sinking...

-- 
Richard Levitte         levitte at openssl.org
OpenSSL Project         http://www.openssl.org/~levitte/


More information about the openssl-project mailing list