John Denker wrote:
For the sources of entropy that I consider real entropy, such as thermal noise, for a modest payoff I'd be willing to bet my life -- and also the lives of millions of innocent people -- on the proposition that no adversary, no matter how far in the future and no matter how resourceful, will ever find in my data less entropy than I say there is.
Let me comment, John, that thermal noise is not random and is not "real entropy" (btw, is there a "fake entropy" in your view?).
There are several quantities that can be estimated in thermal noise, reducing its entropy according to what you seem to expect today. See "photon bunching", as an example that is usually ignored. Another, even though trivial, example is due to the observation that thermal noise is not white noise. Yet another observation is that no noise is really white, because of causality (in other words, it's duration must be finite). The noise that is due to photon fluctuations in thermal background radiation, for another example, depends also on the number of detectors used to measure it, as well as single- or multiple-mode illumination, and both internal and external noise sources.
Yes, it's entirely possible that someone in the future will know more about your entropy source than you do today! Even thermal noise.
OTOH, why are nuclear decay processes considered safe as a source of entropy? Because the range of energies preclude knowing or tampering with the internal state. These processes are, however, not free from correlations either.
Cheers, Ed Gerck
--------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]