combining entropy

Jack Lloyd lloyd at
Fri Oct 24 18:40:25 EDT 2008

On Fri, Oct 24, 2008 at 03:20:24PM -0700, John Denker wrote:
> On 10/24/2008 01:12 PM, Jack Lloyd wrote:
> > .... is a very different statement from saying that
> > lacking such an attacker, you can safely assume your 'pools of
> > entropy' (to quote the original question) are independent in the
> > information-theoretic sense.
> The question, according to the original poster, is not 
> whether it is "safe" to assume that one of the entropy
> sources can be trusted.  Safe or not, the question explicitly 
> assumed that one of the sources was trusted ... and asked 
> what the consequences of that assumption would be.

Perhaps our seeming disagreement is due to a differing interpretation
of 'trusted'. I took it to mean that at least one pool had a
min-entropy above some security bound. You appear to have taken it to
mean that it will be uniform random?
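
The two readings of "trusted" contrasted above, worked through numerically as an added example (it is not part of the original message). It assumes the pools are combined with XOR, which the thread does not specify, and the 4-bit distributions are constructed sample values. It shows a pool that meets a 3-bit min-entropy bound without being uniform, and what happens to the combined output when the second pool is independent versus a copy of the first.

```python
import math
from itertools import product

def min_entropy(dist):
    """Min-entropy in bits: -log2 of the most likely outcome's probability."""
    return -math.log2(max(dist.values()))

def independent_joint(da, db):
    """Joint distribution of two sources that really are independent."""
    return {(a, b): pa * pb
            for (a, pa), (b, pb) in product(da.items(), db.items())}

def xor_output(joint):
    """Distribution of a ^ b under a joint distribution {(a, b): prob}."""
    out = {}
    for (a, b), p in joint.items():
        out[a ^ b] = out.get(a ^ b, 0.0) + p
    return out

# Constructed 4-bit pools (sample values, not from the thread).
UNIFORM = {v: 1 / 16 for v in range(16)}
# Meets a 3-bit min-entropy bound but is not uniform.
BOUNDED = {v: (1 / 8 if v < 4 else 1 / 24) for v in range(16)}
# Weak pool: nearly constant.
WEAK = {0: 0.9, 1: 0.1}

def demo():
    # Dependent case: the second pool mirrors the first exactly.
    copied = {(v, v): p for v, p in BOUNDED.items()}
    return {
        "uniform": min_entropy(UNIFORM),
        "bounded": min_entropy(BOUNDED),
        "weak": min_entropy(WEAK),
        "xor_independent": min_entropy(xor_output(independent_joint(BOUNDED, WEAK))),
        "xor_dependent": min_entropy(xor_output(copied)),
    }

if __name__ == "__main__":
    for name, bits in demo().items():
        print(f"{name:16s} {bits:.3f} bits")
```

With independent pools the XOR output keeps at least the 3 bits of the bounded pool; when the second pool is a copy of the first, the output is constant and the min-entropy drops to zero.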


The Cryptography Mailing List