Internet Privacy Guaranteed ad (POTP Jr.)

E. ALLEN SMITH EALLENSMITH at ocelot.Rutgers.EDU
Sat Feb 24 01:07:20 PST 1996


From:	IN%"m5 at dev.tivoli.com" 22-FEB-1996 11:47:13.40

>Perry E. Metzger writes:
> > If you start with 100 bits of entropy, your stream will have only 100
> > bits of entropy. If you start with 1024 bits, you will have a kilobit
> > of entropy, and so forth.
> > 
> > This may seem like a lot, but it really isn't.

	I'm an almost complete novice at cryptography, and even I know that
Perry is completely correct in this. Look at it this way. You've got a computer
algorithm doing something or another. Given the two pieces of information
(the entropy) of the initial somewhat random number and the number of
iterations, it will produce _one_ and _only one_ number out the end. Now, if
you have a high-quality PRNG (that's what this is), it will be very hard to
predict what set of numbers will turn out just from knowing the algorithm, but
you're still not adding to the number of possibilities from your initial
random number.

>...and note that IPG does us the favor of ensuring the keys conform to
>this elaborate battery of statistical tests.  Thus, there are bunches
>of keys that "aren't random enough" and thus not among the set to be
>considered when trying to break one.

	Quite. It's about like my doing an experiment with randomly selected
groups and deliberately selecting only ones that match my preconcieved notions
of how it's supposed to be. You can do that for things that aren't what one is
looking at (i.e., controlling for stuff), but do it with the _result_ and
you'll be laughed out of any respectable journal in which you try to publish
it.
	-Allen






More information about the cypherpunks-legacy mailing list