[Cryptography] Proper Entropy Source

John Kelsey crypto.jmk at gmail.com
Wed Jan 29 10:30:36 EST 2020


You need at least an approximate probability distribution for your source, based on a physical understanding of your source's behavior, to be able to make a sensible entropy estimate.  (Entropy isn't a property of a bitstring, it's a property of the process that generated it, so you need to understand that process.)  Given that model, you can find statistical tests that are great at estimating entropy.  But without the model all a black box estimator can do is give you an upper bound.

However, this kind of model is basically impossible for operating system sources--for those, you can make pretty plausible arguments that there is stuff no attacker can guess in there somewhere, but you can't get any kind of nice probability estimates based on a physical understanding because the source is too complicated to model well. 

The best you cam do is make some plausible bounds on an attacker's ability to guess things.  

--John


More information about the cryptography mailing list