Entropy and PRNGs

2005-01-10 Thread David Wagner
John Denker writes: >Well, of course indeed! That notion of entropy -- the entropy >in the adversary's frame of reference -- is precisely the >notion that is appropriate to any adversarial situation, as I >have consistently and clearly stated in my writings; [...] >There is only one entropy that m

Re: Entropy and PRNGs

2005-01-10 Thread John Denker
John Kelsey wrote: If your attacker (who lives sometime in the future, and may have a large budget besides) comes up with a better model to describe the process you're using as a source of noise, you could be out of luck. The thing that matters is H(X| all information available to the attacker),

Re: Entropy and PRNGs

2005-01-10 Thread John Kelsey
>From: John Denker <[EMAIL PROTECTED]> >Sent: Jan 10, 2005 12:21 AM >To: David Wagner <[EMAIL PROTECTED]> >Cc: cryptography@metzdowd.com >Subject: Re: Entropy and PRNGs >> Conditioned on everything known to the attacker, of course. >Well, of course indeed! That notion of entropy -- the entropy >

Re: Entropy and PRNGs

2005-01-10 Thread John Denker
Ben Laurie wrote: The point I am trying to make is that predictability is in the eye of the beholder. I think it is unpredictable, my attacker does not. I still cannot see how that can happen to anyone unless they're being willfully stupid. It's like something out of Mad Magazine: White Spy accep

A new license fee for every smart card?

2005-01-10 Thread R.A. Hettinga
: CR80 News A new license fee for every smart card? Monday, January 10 2005 Cyptography Research asks chip or card manufacturers to pay for use of its patented security measures In the late 1990s, a scare tor

Re: Entropy and PRNGs

2005-01-10 Thread Ben Laurie
John Denker wrote: Ben Laurie wrote: Given recent discussion, this is perhaps a good moment to point at a paper I wrote a while back on PRNGs for Dr. Dobbs, where, I'll bet, most of you didn't read it. http://www.apache-ssl.org/randomness.pdf I just took a look at the first couple of pages. IMH

Re: Entropy and PRNGs

2005-01-10 Thread John Denker
Referring to http://www.apache-ssl.org/randomness.pdf I wrote: >>I just took a look at the first couple of pages. >>IMHO it has much room for improvement. David Wagner responded: I guess I have to take exception. I disagree. I think Ben Laurie's paper is quite good. I thought your criticisms mis