[Cryptography] Entropy is forever ...
thierry.moreau at connotech.com
Thu Apr 23 07:38:14 EDT 2015
On 04/23/15 04:20, John Denker wrote:
> If the seed comes from another
> CSPRNG, it reduces to the problem previously not
> solved: where does the seed come from? The only
> way to escape the loop is to obtain a seed with real
> entropy. Physics is required. You can't do it with
> algorithms alone, as von Neumann pointed out in 1947
> ... but you can do it with physics.
Another perspective is to break down the analysis into two steps:

1) You need the lessons from physicists before the digitizing sensor for
the real-world random process on which the hardware RNG relies.

2) After the digital samples (numeric values) are taken, the system
analysis turns to the Shannon information theory (and refinements like
the Rényi entropy) with its limited definition of entropy.

In the second step, the (information theory) entropy assessment of a
PRNG seed is derived from the analysis in the first step (a
characterization of the random data source). This analysis is
(typically, necessarily?) out-of-band of the data flow.

Despite the inter-relationships between the two steps, breaking down the
analysis into two steps helps simple-minded persons like me.
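
An added illustration of step 2, not part of the original post: given a source model produced out-of-band in step 1, compute the Shannon entropy and its Rényi refinements per sample, and the number of samples needed for a 128-bit seed. The model (an 8-bit sensor that reads 0 half the time), the function names, and the assumption of independent samples are constructed for this example; min-entropy (Rényi order ∞) is the conservative figure.

```python
import math

def renyi_entropy(probs, alpha):
    """Rényi entropy in bits per sample.
    alpha == 1 is Shannon entropy, alpha == inf is min-entropy."""
    if any(p < 0 for p in probs) or abs(sum(probs) - 1.0) > 1e-9:
        raise ValueError("probs must be a probability distribution")
    support = [p for p in probs if p > 0]
    if alpha == 1:
        return -sum(p * math.log2(p) for p in support)
    if math.isinf(alpha):
        # Governed only by the most likely value: the attacker's best guess.
        return -math.log2(max(support))
    return math.log2(sum(p ** alpha for p in support)) / (1 - alpha)

def samples_for_seed(probs, seed_bits=128, alpha=math.inf):
    """Samples to collect so the assessed entropy reaches seed_bits.
    Assumes independent, identically distributed samples (an assumption
    that the step-1 characterization has to justify)."""
    h = renyi_entropy(probs, alpha)
    if h <= 0:
        raise ValueError("source model carries no entropy")
    return math.ceil(seed_bits / h)

# Constructed step-1 model: 8-bit sample, value 0 with probability 1/2,
# the other 255 values equally likely.
MODEL = [0.5] + [0.5 / 255] * 255

if __name__ == "__main__":
    for name, alpha in (("Shannon", 1), ("collision", 2), ("min", math.inf)):
        print(f"{name:9s} H = {renyi_entropy(MODEL, alpha):.3f} bits/sample, "
              f"{samples_for_seed(MODEL, 128, alpha)} samples for 128 bits")
```

For this model the Shannon figure is close to 5 bits per sample while the min-entropy is exactly 1 bit, so a seed sized from the Shannon estimate would be collected from roughly a fifth of the samples the min-entropy assessment calls for.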