1996-04-18 - Re: why compression doesn’t perfectly even out entropy

Header Data

From: “Perry E. Metzger” <perry@piermont.com>
To: JonWienke@aol.com
Message Hash: 889278fa8c9dd31fd5baf0624991bbd567074c95e599eb8ddbe9ee06913a2be2
Message ID: <199604181352.JAA08215@jekyll.piermont.com>
Reply To: <960418025428_377757492@emout17.mail.aol.com>
UTC Datetime: 1996-04-18 18:15:01 UTC
Raw Date: Fri, 19 Apr 1996 02:15:01 +0800

Raw message

From: "Perry E. Metzger" <perry@piermont.com>
Date: Fri, 19 Apr 1996 02:15:01 +0800
To: JonWienke@aol.com
Subject: Re: why compression doesn't perfectly even out entropy
In-Reply-To: <960418025428_377757492@emout17.mail.aol.com>
Message-ID: <199604181352.JAA08215@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



JonWienke@aol.com writes:
> >Is it possible to find a percentage of the key space to eliminate that
> >will optimize security assuming that the attacker will try the easy
> >stuff first (and is it possible to quantify "easy stuff")?
> 
> If you eliminate all repeating byte sequences, such as 00 00 or 7F 7F, you
> will reduce your possible entropy by .07058% (7.99435 bits per byte), and
> eliminate the (astronomically remote) possibility of Hamlet or some other
> English text popping out of your RNG/PRNG.  As long as your key is long
> enough to withstand this slight entropy reduction, you are still OK.

Before making pronouncements like "You are still OK" you ought to
learn a bit more about cryptanalysis. Its tiny little statistical
toeholds like that which permit breaks. I don't know for sure, but my
intuition says that there may very well be instances in which a couple
of little nicks like that into the entropy of a key are sufficient to
radically lower the time to crack something. Since there are far
better techniques available (hash distillation, for instance) for
assuring the quality of a random stream, Jon's suggested techniques
should be regarded as unnecessary and dangerous.

PUBLIC SERVICE ANNOUNCEMENT:

For the benefit of everyone reading, I've become increasingly
convinced that Jon really doesn't understand the topic he's working on
well enough to trust, and he doesn't have the sense to know that he
doesn't understand it well enough. I know enough to know that I'm
extremely ignorant -- he's ignorant enough to think that he knows more
than he does. I don't mean to insult Jon -- I'm sure that in his own
field whatever it is he's a smart enough guy, and he seems like a nice
enough fellow -- but cryptography is a dangerous business -- bad
technique KILLS, literally. Until Mr. Wienke loses his bad case of
hubris I would suggest not taking his technical suggestions.

Perry





Thread