From: cme@cybercash.com (Carl Ellison)
Date: Sat, 30 Mar 1996 15:08:42 +0800
To: "Deranged Mutant" <WlkngOwl@unix.asb.com>
Subject: Re: Random Number Testing
Message-ID: <v02140b0aad81dff145f3@[204.254.34.231]>
MIME-Version: 1.0
Content-Type: text/plain


At 01:34 3/29/96, Deranged Mutant wrote:

>> -     Is this apparent entropy really *unpredictable* (the most useful
>>       definition of "random" for cryptographic purposes)?
>
>Good question. You'd need to look for patterns.  Barring none, you'd
>have to guess the factors that lead to the entropy, and then see if
>there's a way to reverse-engineer it. (Perhaps use a stripped down
>system and build it up, or disable some of the hardware and OS
>features etc.)

There's more to unpredictability than patterns or their absense.  In
addition, you have to look at the ability of anyone else on the same
machine to learn things about the data you're gathering and subtract the
entropy of that commonly available data.

+--------------------------------------------------------------------------+
|Carl M. Ellison          cme@cybercash.com   http://www.clark.net/pub/cme |
|CyberCash, Inc., Suite 430                   http://www.cybercash.com/    |
|2100 Reston Parkway           PGP 2.6.2: 61E2DE7FCB9D7984E9C8048BA63221A2 |
|Reston, VA 22091      Tel: (703) 620-4200                                 |
+--------------------------------------------------------------------------+