[Cryptography] Entropy is forever ...

Thierry Moreau thierry.moreau at connotech.com
Thu Apr 23 07:38:14 EDT 2015

On 04/23/15 04:20, John Denker wrote:
> Hash: SHA1
>   If the seed comes from another
> CSPRNG, it reduces to the problem previously not
> solved:  where does the seed come from?  The only
> way to escape the loop is to obtain a seed with real
> entropy.  Physics is required.  You can't do it with
> algorithms alone, as von Neumann pointed out in 1947
> ... but you can do it with physics.

Another perspective perspective is to break down the analysis in two steps:

1) You need the lessons from physicists before the digitizing sensor for 
the real world random process on which the hardware RNG relies.

2) After the digital samples (numeric values) are taken, the system 
analysis turns to the Shanon information theory (and refinements like 
the Rényi entropy) with its limited definition of entropy.

In the second step, the (information theory) entropy assessment of a 
PRNG seed is derived from the analysis in the first step (a 
characterization of the random data source). This analysis is 
(typically, necessarily?) out-of-band of the data flow.

Despite the inter-relationships between the two steps, breaking down the 
analysis in two steps helps simple minded persons like me.


- Thierry

More information about the cryptography mailing list