1993-12-01 - Entropy, Randomness, etc.

Header Data

From: jerry@terminus.dell.com (Jeremy Porter)
To: cypherpunks@toad.com (cypher)
Message Hash: f9043c52a61035ae020491b241dbdc2dc9ca9f66badd2cc2bc4ef5232b2b9251
Message ID: <9312010132.AA20601@terminus.us.dell.com>
Reply To: N/A
UTC Datetime: 1993-12-01 00:32:18 UTC
Raw Date: Tue, 30 Nov 93 16:32:18 PST

Raw message

From: jerry@terminus.dell.com (Jeremy Porter)
Date: Tue, 30 Nov 93 16:32:18 PST
To: cypherpunks@toad.com (cypher)
Subject: Entropy, Randomness, etc.
Message-ID: <9312010132.AA20601@terminus.us.dell.com>
MIME-Version: 1.0
Content-Type: text/plain


With all this talk about entropy, randomness, and gaussian distributions,
I'm hoping we can clear up some of the confusion that I am having.
My understanding of a random number is a number is generated from
two or more unrelated events.
In order for this number to be most useful cryptographically, it needs
a even distribution.  This distribution is such that any one number
in the range of possible values is equally probable as any other number.
Does this make this distribution a gaussian distribution?

Maybe I just don't understand the theory behind the random numbers
well enough, but with all of these terms floating around it is hard
to keep track.

The reason I want to get some of these things clarified, is because
I am becoming more interested in some of the analysis people have been
talking about being possible.  Also how are these statistical measurements
done?  Is it as simple as a histogram?  (useful for simple alphabet
transliterations).  Are we talking frequency analysis with FFTs and
more advanced things?  How do we measure the entropy of a random number,
or a series of random numbers?  Have people on the list done this, or
is this still in the range of people that do math and number theory for
a living?

Give a particular set of data used to generate a random key, such as,
a unix box's /dev/mem, how can one measure the number of bits of
entropy?

These topics are probably covered in some of the basic books in the field,
but all of the reference's I've been able to locate don't go into
specifics of how to measure the quality of random numbers.

Unless some measurements are made, you can't really be sure that those
/dev/mem MD5 hashes don't come up the same 10%, 30%, or more of the time.
It seems that a lot of assumptions are being made about what is good and
what isn't.

I plan to build a hardware random number generator and I have a couple of
different circuits to do it, but I've heard some comments about some
types of noise not being "good" cryptographically.
-- 
Jeremy Porter  ------------- Systems Engineering --------
Dell Computer Corp.   ------ jerry@terminus.us.dell.com ----
---  70 4F BD AE 6D E9 D2 66  48 18 8B E7 64 7F 59 8F ---
Support your Second Amendment rights to encryption technology.




Thread