Re: why compression doesn't perfectly even out entropy

In a message dated 96-04-18 15:05:51 EDT, Perry Metzger writes:
Before making pronouncements like "You are still OK" you ought to learn a bit more about cryptanalysis. It's tiny little statistical toeholds like that which permit breaks. I don't know for sure, but my intuition says that there may very well be instances in which a couple of little nicks like that into the entropy of a key are sufficient to radically lower the time to crack something. Since there are far better techniques available (hash distillation, for instance) for assuring the quality of a random stream, Jon's suggested techniques should be regarded as unnecessary and dangerous.
[Slightly ad hominem PSA deleted]
1. If "cooking" a byte sequence in a manner that reduces its maximum entropy by less than 1% allows an attacker to break your cryptosystem, then it is crap to begin with. With only a little more effort, he could break it anyway.
2. All I was trying to say was that applying cooking technique X to a byte sequence will reduce the maximum entropy of the sequence by a factor of Y; adjust entropy expectations accordingly. I said nothing about the origin of the byte sequence, the techniques used to generate it, or the exact method for "cooking" it. I did not recommend against using hash distillation, hardware RNG's, or any other commonly accepted method of generating cryptographically useful random or pseudo-random numbers.
Jonathan Wienke

JonWienke@aol.com writes:
[Slightly ad hominem PSA deleted]
1. If "cooking" a byte sequence in a manner that reduces its maximum entropy by less than 1% allows an attacker to break your cryptosystem, then it is crap to begin with. With only a little more effort, he could break it anyway.
I would suggest that you look at differential and linear cryptanalysis to learn what a tiny little statistical toehold will give you. My "ad hominem PSA" stands. I suggest people not trust Mr. Wienke's pronouncements. He appears to be suffering from significant hubris.
Perry