Re: [dsfjdssdfsd] Any plans for drafts or discussions on here?

Krisztián Pintér <> Thu, 23 January 2014 22:37 UTC

Return-Path: <>
Received: from localhost ( []) by (Postfix) with ESMTP id 667EC1A0403 for <>; Thu, 23 Jan 2014 14:37:58 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.7
X-Spam-Status: No, score=-1.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, MIME_8BIT_HEADER=0.3, SPF_PASS=-0.001] autolearn=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id M1AUaJBD4E1W for <>; Thu, 23 Jan 2014 14:37:57 -0800 (PST)
Received: from ( [IPv6:2a00:1450:4013:c00::22f]) by (Postfix) with ESMTP id 078BC1A03DC for <>; Thu, 23 Jan 2014 14:37:56 -0800 (PST)
Received: by with SMTP id d49so643792eek.34 for <>; Thu, 23 Jan 2014 14:37:55 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20120113; h=date:from:message-id:to:cc:subject:in-reply-to:references :mime-version:content-type:content-transfer-encoding; bh=7B1iStkrXoRRDhqKXtTXuCjBnEg6aLHdZJruCX5ifa8=; b=nUKFoIF2QyBv64xT/2xr/PByd0g2mH/rLdd28FtomFmmrEC5EPqbTR+zSVzpERwXM6 6tab/vPr7X6VDvAQbrxSa3PCe1qYm8lg8TURsd3JcNEgtZ7Fk0L3XXvrAs7hDCjWAm+f mZZactH2iKGL19p7KJ5HJs40Br/P1EYdPiF1zu4FkiZQOJ28seSkIsJI58p6dgzNWuPS FbNyZ8j+sNGh7DSJzvsxuQfGhDUngkUI+Z46dHnmWWuwECg8fNL1RARTxKEJRFGseWaK sSBTegQhAbyS+QMzQbACq/jS5XP/UwRG1eYrBSgT+tA2k/rFqDRMAsvc6UG4CoA1BBNC SG4A==
X-Received: by with SMTP id s1mr9495290eeo.21.1390516675694; Thu, 23 Jan 2014 14:37:55 -0800 (PST)
Received: from [] ( []) by with ESMTPSA id o43sm8605068eef.12.2014. for <multiple recipients> (version=TLSv1 cipher=RC4-SHA bits=128/128); Thu, 23 Jan 2014 14:37:55 -0800 (PST)
Date: Thu, 23 Jan 2014 23:38:07 +0100
From: Krisztián Pintér <>
X-Priority: 3 (Normal)
Message-ID: <>
To: Michael Hammer <>
In-Reply-To: <>
References: <> <> <> <> <03f201cf17ee$e34ccbf0$a9e663d0$> <> <>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Cc: "" <>, "" <>
Subject: Re: [dsfjdssdfsd] Any plans for drafts or discussions on here?
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "The dsfjdssdfsd list provides a venue for discussion of randomness in IETF protocols, for example related to updating RFC 4086." <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Thu, 23 Jan 2014 22:37:58 -0000

Michael Hammer (at Thursday, January 23, 2014, 9:49:32 PM):
> This may get off-topic, but are there good software tools for testing
> entropy, 
> that could help applications determine if the underlying system is giving
> them good input?

disclaimer: i'm no expert, it is just what i gathered. (i'm pretty
much interested in randomness.)

short answer: no

long answer: in some situations yes. if you are handed a bunch of
data, all you can do is to try different techniques to put an upper
limit on the entropy. for example you can calculate the shannon
entropy assuming independent bits. then you can hypothesize some
interdependence, and see if you can compress the data. you can apply
different lossless compression methods. the better compression you
find puts an upper limit on the entropy. but never a lower limit.

you can only do better if you have an idea about the process that
created the data. for example you might assume that it is mostly
thermal noise. you can assume that thermal noise has some frequency
distribution, or energy or whatever, etc. within this assumption, you
can determine the entropy content by measurements. but at this point,
you are pretty much prone to two errors: 1, what if your assumption is
wrong and 2, what if your physical model overestimates the
unpredictability of the given system. example for the former: the
signal might be largely controllable by an external EM interference,
and then you measure not noise, but attacker controlled data. example
for the latter: a smartass scientist might come up with a better
physical model for thermal noise.

it is also important to note that entropy is observer dependent. we
actually talk about the entropy as seen by the attacker. but it is not
straightforward to assess what is actually visible to an attacker and
what is not. observation methods improve with time.