On Wed, Jul 27, 2016 at 05:32:49PM -0700, Paul Dale wrote:
> John's spot on the mark here.  Testing gives a maximum entropy not a minimum. 
>  While a maximum is certainly useful, it isn't what you really need to 
> guarantee your seeding.

Fom what I've read, some of the non-IID tests actually underestimate
the actual entropy.  Which is of course better the overestimating
it, but it's also annoying.

It will also never give a value higher than 6, since one of the
tests only uses 6 bits of the input.

> IID is a statistical term meaning independent and identically distributed 
> which in turn means that each sample doesn't depend on any of the other 
> samples (which is clearly incorrect)

You shouldn't run the IID tests when you clearly know it's not an
IID.  If fact, if you're not sure it's an IID you should use the
non-IID tests.


Kurt

-- 
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Reply via email to