a) Suppose I shuffle a deck of cards, and ask you to figure out the order of the cards. The entropy in this situation is the logarithm of 52 factorial, which is just under 226 bits. You can figure out the order by asking 226 yes/no questions.
b) Suppose I prepare two decks of cards by shuffling one and then stacking the other into the exact same configuration. If we throw away deck #1, the entropy of deck #2 is 226 bits. If we throw away deck #2, the entropy of deck #1 is 226 bits. The situation is symmetrical with respect to which deck is which. Last but not least, if we keep both decks, the entropy of both of them together is 226 bits. This proves that entropy is not an extensive quantity. It is context-dependent. Some people find this confusing or even disturbing, but it is a well-established fact of nature. For details on all this, see http://www.av8n.com/physics/thermo/entropy.html#sec-card-game

=========

In another thread, on 09/15/2010 01:29 PM, Henrique de Moraes Holschuh wrote in part:

> Part 1: enough stored entropy to use as "seed material" (4Kib for Linux)
> that is unknown to the attacker.
>
> Part 2: something that is unique to this specific device among all others.
>
> Part 3: something that is provably different each time this specific device
> is rebooted, i.e. each time there has been an irreversible loss of state.

There are two possibilities:

a) If the stored material in Part 1 is unique on a per-machine basis, Part 2 is pointless.

b) If the stored material in Part 1 is cloned from machine to machine, this doesn't make sense, because it is not entropy. Calling it "stored entropy" does not make it so. It is not entropy and it is not secure. Adding Part 2 and/or Part 3 cannot make it secure.

So, either way, the overall three-part proposal does not make sense.

There is a fundamental principle in the cryptography / security business which says that you cannot make something secure by throwing together a whole bunch of insecure elements. You can make it complicated, but you cannot make it secure.
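As an added worked example (mine, not part of the original post): it checks the log2(52!) figure from (a) and then reproduces the two-deck argument from (b) by exhaustive enumeration on a small deck, where the cloned pair has exactly the joint entropy of one deck while two independent shuffles have twice that. The same arithmetic is the point about cloned seed material: N copies of one seed carry the entropy of one seed.

```python
import math
from collections import Counter
from itertools import permutations


def deck_entropy_bits(n_cards: int = 52) -> float:
    """Entropy of a uniformly shuffled deck: log2(n!) bits.
    lgamma(n+1) = ln(n!) without building the big integer."""
    return math.lgamma(n_cards + 1) / math.log(2)


def yes_no_questions(n_cards: int = 52) -> int:
    """Fewest yes/no questions that can distinguish n! orderings."""
    return math.ceil(deck_entropy_bits(n_cards))


def shannon_bits(outcomes) -> float:
    """Plug-in Shannon entropy (bits) of a list of equally weighted outcomes."""
    counts = Counter(outcomes)
    total = len(outcomes)
    return -sum(c / total * math.log2(c / total) for c in counts.values())


def two_deck_entropies(n_cards: int = 4) -> dict:
    """H(single deck), H(cloned pair) and H(independent pair).
    Every ordering is listed exactly once, so the distribution is uniform
    and the entropies are exact, not sampled. n_cards=4 gives 24 orderings."""
    orderings = list(permutations(range(n_cards)))
    # Cloned: deck #2 is stacked into deck #1's order, so the joint outcome
    # is determined by deck #1 alone (the Part-1-cloned-across-machines case).
    cloned_pairs = [(d, d) for d in orderings]
    # Independent: every (deck #1, deck #2) combination is equally likely.
    independent_pairs = [(d1, d2) for d1 in orderings for d2 in orderings]
    return {
        "single": shannon_bits(orderings),
        "cloned_joint": shannon_bits(cloned_pairs),
        "independent_joint": shannon_bits(independent_pairs),
    }


if __name__ == "__main__":
    print(f"log2(52!) = {deck_entropy_bits():.2f} bits, "
          f"{yes_no_questions()} yes/no questions")
    for name, bits in two_deck_entropies().items():
        print(f"{name:>18}: {bits:.3f} bits")
```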
This has been discussed and documented, in connection with RNGs and otherwise, in various places including Knuth _TAoCP_.

=====

I started a new thread because I am happy to have a wide-ranging discussion of fundamental principles of security, cryptology, and physics ... but I don't want it to be mistaken for a review of the recently-submitted patches. I reckon that understanding the fundamental properties of entropy may be a prerequisite for reviewing the patches, but it is not the same thing.

_______________________________________________
Pkg-sysvinit-devel mailing list
[email protected]
http://lists.alioth.debian.org/mailman/listinfo/pkg-sysvinit-devel

