[openssl-project] Entropy seeding the DRBG

Oracle paul.dale at oracle.com
Tue May 8 23:33:24 UTC 2018


Kurt wrote:

> The comment about not hashing it is if you want to use the tool to
> do entropy estimation. Hashing it will not increase the entropy,
> but the estimation will be totally wrong.


> Passing the hashed data to the drbg as entropy input is fine if
> you already know how much entropy that it contains.


This is spot on.  Hash the data and it will appear to have eight bits per byte of entropy regardless of the input.  The estimate output from NIST’s suite will be around 7.8 bits per byte but that’s close enough.  The standards refer to this as “whitening”.  It is fine to whiten the entropy data before passing it to the DRBG but the entropy estimate must be based on the pre-whitened data.


Pauli






More information about the openssl-project mailing list