[Cryptography] randomness +- entropy
Yaron Sheffer
yaronf.ietf at gmail.com
Sun Nov 10 04:48:12 EST 2013
On 2013-11-08 23:31, Nico Williams wrote:
> On Fri, Nov 08, 2013 at 12:23:57PM -0700, John Denker wrote:
>>> I was only arguing that consuming n bits of PRNG output != lowering the
>>> PRNG's "entropy" by n bits.
>>
>> That inequality is true and useful and well said.
>
My original comment was not a general statement about consuming bits
from the PRNG. I said that consuming PRNG bits *before the PRNG is fully
seeded* is a double problem:
- The consumer gets low-quality randomness.
- The *next* consumer's entropy is lower, because the first consumer
might broadcast the randomness he had just received.
And then Ted said that the consumer in question ("minstrel") does cause
the entropy estimate to be decreased, so the second problem does not apply.
Thanks,
Yaron
More information about the cryptography
mailing list