Re: Key entropy, stream entropy, block entropy, block population entropy AKA uniique stream length

On 11 Feb, 21:23, clark <c...@xxxxxxxxxxx> wrote:
On 10 Feb 2007 17:42:21 -0800, j...@xxxxxxxx wrote:
<snip>

You can't change that. You've done nothing to alter the truth of it.

Well with a key only have eight bit entropy the stream pass a DIE HARD
test, must be some fucking good eight bit chosen. Idiot.........

Idiot?

Well... let's see who the idiot really is.

First of all, it is well known around here in sci.crypt that idiots
try to use DIEHARD to show security or the presence of entropy.

Yes. Idiots arrive here in broken down buses like the one you're on
and proudly sputter about DIEHARD when they don't know what it does
and they don't know what entropy really is.

DIEHARD doesn't show that you've got security or entropy. DIEHARD
checks for random distribution and can show if there are big design
issues with a mechanism that is supposed to produce pseudo random
data. But one thing is certain, and that is DIEHARD definitely can't
show that you're secure.

You obviously don't know what that means. Let me break it down for
you, and you should pay attention, if you're capable of doing that.

The simple counter sequence:
SHA1(0), SHA1(1), SHA1(2), SHA1(3), SHA1(4), ... will pass all the
DIEHARD tests.

But that sequence has zero entropy and zero cryptographic strength.

There is no security. No entropy. But it will pass DIEHARD.

I told you that you can't get entropy anywhere but from entropic
sources. You can't put entropy into a stream if it doesn't exist.
Your only source of entropy is the password/key.

That is just the truth.

And you continue to maintain that both the password/key and a
deterministic algorithm put entropy into a stream, and you loudly
proclaim DIEHARD results must make you correct, while calling me an
idiot.

And now I'm laughing. I have a sense of humor and I can't help it,
because the irony isn't lost on this exchange and its pretty funny.

OK soon we will end up talking about if real entropy really exist, but
i will give you an example anyway.

Given a random process (of course of infinit length) a scientist one
day find out that he can seed the random process, and it doesn't
behave random anymore. The process restart.

The process seem though to be able to be seeded with values of anysize
and for anysize of seed a new output stream emerges.

When he study the streams they seem completly random and he can not
understand the process that creates it, and the stream have same
properties when seeded with a two bit value as with a 2048 bit value
only difference is that a new keydependent offset in stream seem to be
created.

He now realise allthough the output of the string seem to be random he
can seed it with an input value and recreate the experimental setups.

He starts working on a lookuptable for each stream seeded with a bit
key, he realise he can just store 256 bytes of every stream otherwise
he will have storage problems.

The problem is now although he now he can seed the process and store a
result of 256 bytes for each seed, he realise that the *INTERNAL
ALGORITHM* process to him is unknown he can not really say anything
about the outcome without to actually seed the process.

So he realise that the process for the seed values fore each of the
256 bytes in the look up table are known. Except for the seeding
process to create next stream he realise he is in the dark.
Because the values seems random but he know they are not because he
can recreate the output for every seeded key.

For every not tested seed value he realise the output string will be
unknown.
He finally decide to call the process and stream "seed dependent" the
answer can not be known without actually seed the process.

So the process was actually random before he started look into it, he
found out it could be seeded but nothing really could be said about
the process. The output stream still looks random.

Later when he wants to present his finding for his associates, he
start to think about how much entropy each of the *STREAMS* have it
seems the *STREAM* properties is *INDEPENDENT* of the *SEED/KEY* size.
And in fact the stream of the process seem randomly distributed even
for a *SEED* of just two bits.

Should he say that each stream only have two bits entropy, well
certainly Kristian Gjosteen, David Taylor, John E Hadstate, Phil
Carmody and Rossum would.
And the little brownnoses Clark and R.E.S would soon be nodding and
join their choir

Best regards Jonas Thörnvall

.

Quantcast