work factor calculation for brute-forcing crypto

David Wagner daw at
Sat Jul 18 01:54:03 EDT 2009

>Assume for a moment that we have a random number generator which is
>non-uniform, and we are using it to generate a key.
>What I'd like to do is characterize the work factor involved in
>brute-force search of the key space, assuming that the adversary
>has knowledge of the characteristics of the random number generator?

You may want to use the guessing entropy.
I've written about it before here: 

Christian Cachin's thesis is a wonderful introduction to entropy
measures, including the guessing entropy.

By the way, I'll make the obvious recommendation: Try to avoid
using a non-uniform random number generator to generate a cryptographic
key, if you can.

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at

More information about the cryptography mailing list