[Cryptography] Uncorrelated sequence length, was: A TRNG review per day

Theodore Ts'o tytso at mit.edu
Sat Oct 25 15:53:56 EDT 2014


On Sat, Oct 25, 2014 at 05:51:03AM -0400, Bill Cox wrote:
> 
> I write 512 bits containing over 400 bits of entropy in one call, as the
> minimum, with ioctl.  I have to look at the kernel code to see how it
> works, but assuming:

If you have that much randomness, why do you need a cryptographic hash
to do the mixing?   Pretty much any mixing algorithm will do.

Note that even if the randomness isn't evenly distributed across the
4096 bits of the input entropy pool, we do use a secure cryptographic
hash to generate the output, so if you've added 256 bits worth of
uncertainty in the pool, it doesn't really matter whether it is
concentrated in one part of the pool or not.

Cheers,

      	  	    	   	    	   - Ted
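
The point about hashed output, as an added example that is not part of the original message and is not kernel code: it counts how many distinct outputs an observer must consider when the same unknown bits sit together or are spread across a 4096-bit pool. Assumptions: SHA-256 stands in for the output hash, only 12 unknown bits are used so every candidate can be enumerated, and all function names are hypothetical.

```python
import hashlib

POOL_BITS = 4096   # pool size named in the message
K = 12             # unknown bits; small so every candidate can be enumerated

# Constructed inputs: the same K unknown bits, packed together or spread out.
CONCENTRATED = list(range(K))               # bits 0..11
SCATTERED = [i * 341 for i in range(K)]     # bits 0, 341, ..., 3751

def pool_with(positions, value):
    """Pool that is all zero (known to the observer) except the unknown bits."""
    pool = bytearray(POOL_BITS // 8)
    for i, pos in enumerate(positions):
        if (value >> i) & 1:
            pool[pos // 8] |= 1 << (pos % 8)
    return bytes(pool)

def hashed_output(pool):
    """Stand-in for hashed output: digest of the whole pool (SHA-256 assumed)."""
    return hashlib.sha256(pool).digest()

def raw_prefix(pool):
    """Weak contrast: hand out the first 256 bits of the pool unhashed."""
    return pool[:32]

def distinct_outputs(readout, positions):
    """Number of different outputs over all 2**K values of the unknown bits."""
    return len({readout(pool_with(positions, v)) for v in range(1 << K)})

if __name__ == "__main__":
    for name, positions in (("concentrated", CONCENTRATED), ("scattered", SCATTERED)):
        print(name, "hashed:", distinct_outputs(hashed_output, positions),
              "raw prefix:", distinct_outputs(raw_prefix, positions))
```

With the hashed readout both placements leave all 2**12 candidates in play; the unhashed prefix keeps that only when the unknown bits happen to fall inside the part that is read out.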

