Re: [RFC][PATCH] Make cryptoapi non-optional?

[David Wagner]

Val Henson  wrote:
>On Thu, Aug 14, 2003 at 07:40:25PM +0000, David Wagner wrote:
>> I don't see where you are getting this from.  Define
>>   F(x) = first80bits(SHA(x))
>>   G(x) = first80bits(SHA(x)) xor last80bits(SHA(x)).
>> What makes you think that F is a better (or worse) hash function than G?
>
>See Matt Mackall's earlier post on correlation, excerpted at the end
>of this message.  Basically, with two strings x and y, the entropy of
>x alone or y alone is always greater than or equal to the entropy of x
>xored with y.
>
>entropy(x) >= entropy(x xor y)
>entropy(y) >= entropy(x xor y)

Sorry; that's not accurate.  Here's a counterexample.  Let x and y be
two 80-bit strings.  Assume that x is either 0 or 1 (equal probability
for both possibilities).  Assume y is either 0 or 2 (equal probability
for both possibilities), and is independent of x.  Then
  entropy(x) = 1 bit
  entropy(y) = 1 bit
  entropy(x xor y) = 2 bits

The difference between F and G is very small, and there is not much
basis for choosing one over the other.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/