On Wed, Apr 02, 2014 at 01:34:26PM -0400, Theodore Ts'o wrote: > One of the problems is that there is a lot of nuance which is > required. For example, if you can't change the hardware, on a mobile > device, one of the few sources of unpredictability might be the radio > strength --- if you grab this in early boot and if you know that the > values aren't being fed via centralized logging scheme. It's not > really _entropy_ per se, but if you are assuming that someone sitting > in Fort Meade won't know whether your cell phone is in your knapsack > under the steel desk, or on top of the desk, it probably does add a > certain amount of protection. > > Ditto grabbing touch screen information; sure, if someone has a camera > surveilling you, it might not have much unpredictabiliy, but it's > still probably a good thing to mix into your entropy pool. > > And if we try to tell people that if you can't do anything at all > which is True Entropy (tm), you might as well go home, then people > might just do that.
In the movie "The Sting", horse race results are delayed to allow betting-after-the-fact; this demonstrates that with the knowledge you have after its disclosure, unpredictability no longer exists. So philosophically, all unpredictability is measured relative to some knowledge set. As a pragmatic exercise we can measure an upper bound on entropy (using min-entropy) based on what we assume are standard assumptions, but we don't know what we don't know. Which is an interesting parallel to computational security assurances. http://www.subspacefield.org/security/security_concepts/index.html#toc-Section-29 BTW, hello Paul, nice list :-) -- http://www.subspacefield.org/~travis/ Remediating... LIKE A BOSS
pgpb0O6rQ8MZw.pgp
Description: PGP signature
_______________________________________________ dsfjdssdfsd mailing list [email protected] https://www.ietf.org/mailman/listinfo/dsfjdssdfsd
