Re: Intel 810 Random Number Generator

From: Sandy Harris (sandy@storm.ca)
Date: Mon Jan 24 2000 - 17:40:17 EST


Gregory Maxwell wrote:

> In this case, we can play the paranoid and just mix it in and not
> increase the entropy count.
>
> If the current 'twisted crc32 mixer thingy' doesn't provide that your
> entropy can never go down even with NSA input data, then we need ones
> that does.

Any reversible binary operation -- a XOR b, a + b, encrypt a with
key b, ... -- provides that.

The attacker doesn't know a before the operation. Afterward, if he
knows b and the result and the operation is reversible, then he can
recover a. Therefore the result contains at least as much information
unknown to the attacker (=at least as much entropy) as a did.

The point of the twisting is to spread the incoming entropy around
the pool a bit. Down at the lowest level, it uses XOR to mix so it
cannot reduce entropy, whatever the input data.

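A worked illustration of the argument above, added to this archive page and not part of either message: the attacker's uncertainty about the pool is modelled as a probability distribution over 8-bit pool states, and mixing an attacker-chosen byte b with a reversible operation (XOR, modular add) is shown to leave the Shannon entropy unchanged for every possible b, whereas a non-reversible operation (AND, used here only as a counter-example) lets a hostile b collapse it. Pool sizes, the 8-bit state width and the "high nibble already known" pool are constructed for the demonstration.

```python
import math

BITS = 8
MASK = (1 << BITS) - 1

def shannon_entropy(dist):
    """Shannon entropy in bits of a {state: probability} distribution."""
    return -sum(p * math.log2(p) for p in dist.values() if p > 0)

def mix_distribution(dist, b, op):
    """Mix known input b into every pool state a; states that collide
    under op are merged, which is exactly where entropy can be lost."""
    out = {}
    for a, p in dist.items():
        s = op(a, b)
        out[s] = out.get(s, 0.0) + p
    return out

def xor_mix(a, b):          # reversible: a = s ^ b
    return a ^ b

def add_mix(a, b):          # reversible: a = (s - b) mod 2^BITS
    return (a + b) & MASK

def and_mix(a, b):          # NOT reversible: bits cleared by b are gone
    return a & b

def uniform_pool():
    """Attacker knows nothing: all 2^BITS states equally likely (8 bits)."""
    return {a: 1.0 / (MASK + 1) for a in range(MASK + 1)}

def partially_known_pool():
    """Constructed case: attacker already knows the high nibble is 0xA,
    so only 4 bits of entropy remain."""
    return {0xA0 | lo: 1.0 / 16 for lo in range(16)}

def entropy_after(dist, b, op):
    return shannon_entropy(mix_distribution(dist, b, op))

def worst_case_entropy(dist, op):
    """Let the attacker choose b ('NSA input data'): the minimum entropy
    over every possible input byte is what the pool is guaranteed to keep."""
    return min(entropy_after(dist, b, op) for b in range(MASK + 1))

if __name__ == "__main__":
    for name, pool in (("uniform", uniform_pool()),
                       ("high nibble known", partially_known_pool())):
        print(name, "before: %.2f bits" % shannon_entropy(pool))
        for label, op in (("xor", xor_mix), ("add", add_mix), ("and", and_mix)):
            print("  %-3s worst case: %.2f bits" % (label, worst_case_entropy(pool, op)))
```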



This archive was generated by hypermail 2b29 : Mon Jan 31 2000 - 21:00:13 EST