entropy depletion (was: SSL/TLS passive sniffing)

Taral taral at taral.net
Sun Jan 9 14:12:53 EST 2005


On Sat, Jan 08, 2005 at 10:46:17AM +0800, Enzo Michelangeli wrote:
> But that was precisely my initial position: that the insight on the
> internal state (which I saw, by definition, as the loss of entropy by the
> generator) that we gain from one bit of output is much smaller than one
> full bit. 

I think this last bit is untrue. You will find that the expected number
of states of the PRNG after extracting one bit of randomness is half of
the number of states you had before, thus resulting in one bit of
entropy loss.

-- 
Taral <taral at taral.net>
This message is digitally signed. Please PGP encrypt mail to me.
A: Because it fouls the order in which people normally read text.
Q: Why is top-posting such a bad thing?
A: Top-posting.
Q: What is the most annoying thing on usenet and in e-mail?
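
The state-counting argument in the message above can be checked by brute force; this is an added example, not part of the original post. The 16-bit state, the LCG update constants, the SHA-256 output function and the names `advance`, `output_bit` and `remaining_entropy` are all assumptions chosen so that every state can be enumerated, and the observer is assumed to have unlimited computation.

```python
import hashlib
import math

STATE_BITS = 16  # assumed toy size, small enough to enumerate every state

def advance(state):
    # Bijective update (LCG with odd multiplier mod 2^16), so distinct states stay distinct.
    return (state * 25173 + 13849) % (1 << STATE_BITS)

def output_bit(state):
    # One output bit derived from the state through SHA-256.
    return hashlib.sha256(state.to_bytes(2, "big")).digest()[0] & 1

def remaining_entropy(true_state, nbits):
    """Return log2(#states consistent with the output) after 0..nbits observed bits."""
    candidates = list(range(1 << STATE_BITS))  # observer starts knowing nothing
    history = [math.log2(len(candidates))]
    for _ in range(nbits):
        bit = output_bit(true_state)
        # Keep only the states that would have produced the observed bit, then step them.
        candidates = [advance(s) for s in candidates if output_bit(s) == bit]
        true_state = advance(true_state)
        assert true_state in candidates  # the real state is never eliminated
        history.append(math.log2(len(candidates)))
    return history

if __name__ == "__main__":
    # Constructed sample run: the true state 0x1234 is arbitrary.
    for k, h in enumerate(remaining_entropy(true_state=0x1234, nbits=12)):
        print(f"after {k:2d} output bits: {h:5.2f} bits of state uncertainty")
```

The count is information-theoretic: it measures how many states remain possible, not how hard it is to find them in a generator with a realistically large state.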