On Wed, Mar 22, 2006 at 03:29:07PM -0800, Aram Perez wrote: > * How do you measure entropy? I was under the (false) impression that > Shannon gave a formula that measured the entropy of a message (or > information stream).
He did give a formula for the entropy of a source; however the caculation is based on the probabilties of each symbol appearing. Unless you know those, you can't actually apply the formula. So it is computable in theory, just not in pratice for any source that is at all interesting. > * Can you measure the entropy of a random oracle? Or is that what > both Victor and Perry are saying is intractable? A random oracle, by definition, produces a completely random output. However, since random oracles don't actually exist that does not seem to be a terribly interesting thing to be measuring the entropy of. > * Are there "units of entropy"? Bits are usually the most intuitive/useful unit. > * What is the relationship between randomness and entropy? I have a vague feeling this question requires a deeper answer than I'm able to provide. > * Does processing an 8 character password with a process similar to > PKCS#5 increase the entropy of the password? No, because there are no additional secrets. Knowledge of the password is all you need to rederive the final output, thus clearly there is no additional information (ie, entropy) in the output that was not in the original password. This ignores the salt, iteration count, and the specification of the algorithm itself, but those are all (usually) public. So they contribute to the entropy, they do not contribute to the conditional entropy, which is what we are usually interested in when thinking about entropy and crypto. > * Can you add or increase entropy? Yes. Let's say the contents of tommorrow's NY Times has n bits of entropy (we probably can't actually calculate n, but we know it is a finite and fixed value). And the LA Times from the same day will also have some amount of entropy (call it n'). However, the entropy of the two papers combined would (probably) not be n+n', but some number x st min(n,n') <= x <= n+n', because the two papers will report on many of the same issues, carry some of the same AP stories, and so forth. This redundant information doesn't increase the entropy (reading the same AP story in a second newspaper wouldn't give you any new information). A book you may find interesting is "Elements of Information Theory" by Cover & Thomas. -Jack --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]