While commenting about http://www.cs.bris.ac.uk/Research/CryptographySecurity/knowledge.html, Marsh Ray wrote:

It talks about entropy exclusively in terms of 'unpredictability', which
I think misses the essential point necessary for thinking about actual
systems: Entropy is a measure of uncertainty experienced by a specific
attacker.

I am curious that you seem to prefer the risk analysis definition of entropy over the more general definition. I am rather confident that a proper application of the more general definition is more effective in providing security assurance: the future attack vectors are deemed to be unexpected ones.

You are not alone using this perspective. NIST documents on secret random data generation are very confusing about the definition they use. (I dropped out of their feedback requests on the last revision/round where they split the contents into two documents and released only one.) NIST seems to refer to three definitions: one from information theory (min-entropy), one where every bit is unpredictable (full entropy -- you know how NIST loves cryptographic parameters of just the proper size), and the risk analysis definition.

Anyway, this whole thing about RSA modulus GCD findings questions us about entropy in a renewed perspective (a reminder that future attack vectors are deemed to be unexpected ones).

Regards,

--
- Thierry Moreau

CONNOTECH Experts-conseils inc.
9130 Place de Montgolfier
Montreal, QC, Canada H2M 2A1

Tel. +1-514-385-5691
_______________________________________________
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography
