[Cryptography] The Crypto Pi
dj at deadhat.com
Tue Jan 27 02:07:58 EST 2015
On 1/26/15, 10:05 AM, Jerry Leichter wrote:
> While there is a real notion of entropy (several, in fact) and entropy is measured in bits, trying to use naive arguments to *count* bits of entropy is very dangerous.
> -- Jerry

While 'pure, virgin, bit for bit entropy, right from a mathematically
fine entropy extractor hooked up to a fast and highly entropic entropy
source' might sound nice, it is almost always better to run it through a
computationally secure PRNG, since the pure source is necessarily speed
limited to be less than the physical entropy source entropy rate.

The PRNG converts your min-entropy assurance into assurances of
computational bounds on the adversary, which is news you can use, and the
PRNG can generally be designed to address side channel issues in ways
the entropy source cannot.

That's why RdSeed is called RdSeed and not MoBetterEntropy.
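
The seed-and-expand arrangement this message describes, as an added example that is not part of the original post or from its author: a minimal HMAC_DRBG in the style of NIST SP 800-90A that stretches a small seed from a slow source into a much larger output. `HmacDrbg`, `seed_source` and the deliberately small reseed interval are assumptions of the example, and `os.urandom` only stands in for the hardware entropy source.

```python
import hashlib
import hmac
import os


class HmacDrbg:
    """HMAC_DRBG (SHA-256), SP 800-90A style, without additional input."""
    RESEED_INTERVAL = 1024  # generate() calls per seed; constructed demo value

    def __init__(self, seed_source=os.urandom, seed_len=48):
        self._seed_source = seed_source   # callable(n) -> n bytes, the slow source
        self._seed_len = seed_len
        self._K = b"\x00" * 32
        self._V = b"\x01" * 32
        self.seed_bytes_used = 0          # how much the slow source was asked for
        self._reseed()

    def _mac(self, data):
        return hmac.new(self._K, data, hashlib.sha256).digest()

    def _update(self, data=b""):
        # Mixes `data` into (K, V); with no data it only ratchets the state.
        self._K = self._mac(self._V + b"\x00" + data)
        self._V = self._mac(self._V)
        if data:
            self._K = self._mac(self._V + b"\x01" + data)
            self._V = self._mac(self._V)

    def _reseed(self):
        seed = self._seed_source(self._seed_len)
        self.seed_bytes_used += len(seed)
        self._update(seed)
        self._requests = 0

    def generate(self, n):
        if self._requests >= self.RESEED_INTERVAL:
            self._reseed()                # only here is the slow source touched
        out = b""
        while len(out) < n:
            self._V = self._mac(self._V)
            out += self._V
        self._update()                    # old outputs not derivable from new state
        self._requests += 1
        return out[:n]


if __name__ == "__main__":
    drbg = HmacDrbg()
    total = sum(len(drbg.generate(4096)) for _ in range(256))
    print(f"{total} output bytes from {drbg.seed_bytes_used} seed bytes")
```
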