William Allen Simpson wrote:
There are already other worthy comments in the thread(s).
This is a great post. One can't stress enough
that programmers need programming guidance,
not arcane information theoretic concepts.
We are using
computational devices, and therefore computational

On Sat, Jan 08, 2005 at 10:46:17AM +0800, Enzo Michelangeli wrote:
But that was precisely my initial position: that the insight on the
internal state (which I saw, by definition, as the loss of entropy by the
generator) that we gain from one bit of output is much smaller than one
full bit.
I

- Original Message -
From: [EMAIL PROTECTED]
To: cryptography@metzdowd.com
Sent: Friday, January 07, 2005 9:30 AM
Subject: Re: entropy depletion (was: SSL/TLS passive sniffing)
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Enzo
Michelangeli
Sent: Tuesday, January

From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Enzo
Michelangeli
Sent: Tuesday, January 04, 2005 7:50 PM
This entropy depletion issue keeps coming up every now and
then, but I still don't understand how it is supposed to
happen. If the PRNG uses a really non-invertible

On Thu, Jan 06, 2005 at 04:35:05PM +0800, Enzo Michelangeli wrote:
By how much exactly? I'd say, _under the hypothesis that the one-way
function can't be broken and other attacks fail_, exactly zero; in the
real world, maybe a little more.
Unfortunately for your analysis, *entropy* assumes

| You're letting your intuition about usable randomness run roughshod
| over the formal definition of entropy. Taking bits out of the PRNG
| *does* reduce its entropy.
|
| By how much exactly? I'd say, _under the hypothesis that the one-way
| function can't be broken and other attacks fail_,

From: John Denker [EMAIL PROTECTED]
Sent: Jan 5, 2005 2:06 PM
To: Enzo Michelangeli [EMAIL PROTECTED]
Cc: cryptography@metzdowd.com
Subject: Re: entropy depletion (was: SSL/TLS passive sniffing)
...
You're letting your intuition about usable randomness run roughshod over
the formal definition

- Original Message -
From: John Denker [EMAIL PROTECTED]
Sent: Thursday, January 06, 2005 3:06 AM
Enzo Michelangeli wrote:
[...]
If the PRNG uses a
really non-invertible algorithm (or one invertible only
with intractable complexity), its output gives no insight
whatsoever on