[Cryptography] The Crypto Pi

David Johnston dj at deadhat.com
Tue Jan 27 02:07:58 EST 2015

On 1/26/15, 10:05 AM, Jerry Leichter wrote:
> While there is a real notion of entropy (several, in fact) and entropy is measured in bits, trying to use naive arguments to *count* bits of entropy is very dangerous.
>                                                          -- Jerry
While 'pure, virgin, bit for bit entropy, right from a mathematically 
fine entropy extrator hooked up to a fast and highly entropic entropy 
source' might sound nice, it is almost always better to run it through a 
computationally secure PRNG, since the pure source is necessarily speed 
limited to be less than the physical entropy source entropy rate.

The PRNG converts your min-entropy assurance into assurances of 
computational bounds on the adversary, which is news you can use and the 
PRNG can generally be designed to address side channel issues in ways 
the entropy source cannot.

That's why RdSeed is called RdSeed and not MoBetterEntropy.


More information about the cryptography mailing list