| Min-entropy of a probability distribution is | | -lg ( P[max] ), | | minus the base-two log of the maximum probability. | | The nice thing about min-entropy in the PRNG world is that it leads to | a really clean relationship between how many bits of entropy we need | to seed the PRNG, and how many bits of security (in terms of | resistance to brute force guessing attack) we can get. Interesting; I hadn't seen this definition before. It's related to a concept in traditional probability theory: The probability of ruin. If I play some kind of gambling game, the usual analysis looks at "the value of the game" strictly as my long-term expectation value. If, however, I have finite resources, it may be that I lose all of them before I get to play long enough to make "long-term" a useful notion. The current TV game show , Deal Or No Deal, is based on this: I've yet to see a banker's offer that equals, much less exceeds, the expected value of the board. However, given a player's finite resources - they only get to play one game - the offers eventually become worth taking, since the alternative is that you walk away with very little. (For that matter, insurance makes sense only because of this kind of analysis: The long-term expectation value of buying insurance *must* be negative, or the insurance companies would go out of business - but insurance can still be worth buying.) -- Jerry

--------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]