[16694] in cryptography@c2.net mail archive
Entropy and PRNGs
daemon@ATHENA.MIT.EDU (David Wagner)
Mon Jan 10 17:56:46 2005
X-Original-To: cryptography@metzdowd.com
X-Original-To: cryptography@metzdowd.com
From: David Wagner <daw@cs.berkeley.edu>
To: cryptography@metzdowd.com
Date: Mon, 10 Jan 2005 12:34:12 -0800 (PST)
Reply-To: daw-usenet@taverner.CS.Berkeley.EDU (David Wagner)
John Denker writes:
>Well, of course indeed! That notion of entropy -- the entropy
>in the adversary's frame of reference -- is precisely the
>notion that is appropriate to any adversarial situation, as I
>have consistently and clearly stated in my writings;
[...]
>There is only one entropy that matters in an adversarial
>situation. The so-called "unconditional entropy" H(X) is
>merely a wild overestimate of the only thing that matters.
Ok. I see that you were already well aware of the point Ben Laurie
was making, and indeed it was obvious to you. Great.
But I have seen people for who this was definitely not obvious, and
who failed to recognize the distinction between the two concepts or
the need to use conditional entropy until it was pointed out to them.
I guess Ben's paper is going to be useful for them, but not for you.
>I imagine a smart person such as DAW should be able to come
>up with five schemes in five minutes whereby UUID generation
>can be delegated to virtually any machine that wants it.
>MAC(eth0) /concat/ local counter will do for scheme #1.
[...]
>Horsefeathers. For generating UUIDs, _zero_ entropy is
>sufficient, and no positive amount of entropy (unconditional
>or otherwise) can be called necessary.
You're right. I take it back. I accept your point about UUIDs.
There are schemes that avoid the need for randomness (entropy).
Thank you.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
