[openssl-project] Entropy seeding the DRBG

Richard Levitte levitte at openssl.org
Tue May 1 04:09:13 UTC 2018


In message <20180430162209.GA4439 at roeckx.be> on Mon, 30 Apr 2018 18:22:09 +0200, Kurt Roeckx <kurt at roeckx.be> said:

kurt> On Mon, Apr 30, 2018 at 06:00:20PM +0200, Richard Levitte wrote:
kurt> > 
kurt> > So I'd like to have it confirmed that I'm reading this right, that's
kurt> > about 0.08 entropy bits per 8 data bits?  Or is it per data bit?
kurt> 
kurt> Per symbol, being 8 bits for what you provided.
kurt> 
kurt> > Depending on the interpretation, we either have 1 bit of entropy per
kurt> > 12 data bits...  or per 100 data bits...  The latter has my heart
kurt> > sinking...
kurt> 
kurt> It's per 100 bits, and that's really still an overestimate. One
kurt> of the models they used was able to predict it that well.

That well?  I'm not sure I understand, the final min-entropy value is
the *lowest* of all different estimates.  Also, I'm not sure what
makes you say it's an overestimate...  are you simply speculating?

Either way, this is quite discouraging, because this means that with
that estimate, I need to gather about 25 KiB of data to meet the
requirements of our DRBG.  Right?

kurt> It might be possible to create a better model.

I'm not sure I understand what you mean.

-- 
Richard Levitte         levitte at openssl.org
OpenSSL Project         http://www.openssl.org/~levitte/


More information about the openssl-project mailing list