combining entropy

Dave Howe DaveHowe at
Mon Oct 27 18:03:54 EDT 2008

John Denker wrote:
> On 09/29/2008 05:13 AM, IanG wrote:
>> My assumptions are:
>>  * I trust no single source of Random Numbers.
>>  * I trust at least one source of all the sources.
>>  * no particular difficulty with lossy combination.
>> If I have N pools of entropy (all same size X) and I pool them
>> together with XOR, is that as good as it gets?
> Yes.
> The second assumption suffices to prove the result,
> since (random bit) XOR (anything) is random.

unless you have a possible case where (say) for any given pool,
alternate bits are predictable; XORing all 'n' pools would still give a
maximum entropy of 50%, as the XOR of all 'n' predictable bits is

using a hash which performs error diffusion, I would expect that 'n'
equal to 3 would give a suitable combined stream in that case (assuming
the 50% of random bits *are* random of course) 2 is possibly good
enough, but I would probably over-engineer at 3, in case one pool went

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at

More information about the cryptography mailing list