[openssl-project] Entropy seeding the DRBG
Dr Paul Dale
paul.dale at oracle.com
Wed May 9 01:09:58 UTC 2018
Apologies for the name I’ve been sending under. I don’t represent Oracle of course.
A temporary new MUA that isn’t quite doing what I expected.
Pauli
> On 8 May 2018, at 7:33 pm, Oracle <paul.dale at oracle.com> wrote:
>
> Kurt wrote:
>
>> The comment about not hashing it is if you want to use the tool to
>> do entropy estimation. Hashing it will not increase the entropy,
>> but the estimation will be totally wrong.
>
>
>> Passing the hashed data to the drbg as entropy input is fine if
>> you already know how much entropy that it contains.
>
>
> This is spot on. Hash the data and it will appear to have eight bits per byte of entropy regardless of the input. The estimate output from NIST’s suite will be around 7.8 bits per byte but that’s close enough. The standards refer to this as “whitening”. It is fine to whiten the entropy data before passing it to the DRBG but the entropy estimate must be based on the pre-whitened data.
>
>
> Pauli
>
>
>
>
> _______________________________________________
> openssl-project mailing list
> openssl-project at openssl.org
> https://mta.openssl.org/mailman/listinfo/openssl-project
More information about the openssl-project
mailing list