On Wed, Nov 14, 2001 at 07:01:28PM +0100, Juan Segarra wrote:
> My question relates to the entropy parameter in RAND_add() function and
> the use of it along the command line applications.
>
> I've observed that nearly all calls to RAND_add() have their entropy set
> to 0. I'm writing some examples about crypto functions and most of them
> need the PRNG being seeded before use and I'm very interested in doing
> this well.
>
> By now I've been calculating the entropy parameter with Shannon's
> expression (256 possible states) divided by 8. But the way it's handled in
> command line applications confuses me.
>
> So... what's the meaning of entropy? Or... how can I estimate it?

The entropy parameter should tell how much "uncertainty" is in the data
provided. With 256 variations per byte you will find a certain number of
possible states for 100 bytes, but if the 100 bytes are English text, not
all of these possible states have the same probability. You will find a
lot of "e", " ", "a" and only few "ö" symbols. Therefore the entropy is
not the full amount but it is (much) lower.

A good guess about the "informational contents" is the amount that is left
after you run a compression algorithm over the data. You will e.g. find
that a typical maillog file can be compressed down to 10% of its original
size (depending on the typical events logged, of course). One would
therefore account only 10% of the original byte count as entropy.

If you have a physical source, you may be able to calculate the entropy
available from this source by physical knowledge. When taking input from
a computer you have to guess the number and the compression factor is one
indicator.

If we choose a value of 0, we mean that there may be entropy in it, but
maybe an attacker can predict the value, so we use it but do not count it
as a really unpredictable input.

Best regards,
	Lutz
-- 
Lutz Jaenicke                             [EMAIL PROTECTED]
BTU Cottbus               http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl Allgemeine Elektrotechnik                  Tel. +49 355 69-4129
Universitaetsplatz 3-4, D-03044 Cottbus              Fax. +49 355 69-4153
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
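
An added example, not part of the original messages and not OpenSSL code: it compares the byte-frequency Shannon estimate from the question with the compression-based estimate from the reply on a constructed mail-log sample, and credits 0 when an attacker may predict the data. The function names, the sample log and the use of raw DEFLATE as the compressor are assumptions made for illustration; results are in bytes, the unit the question uses for the entropy argument of RAND_add().

```python
import math
import zlib
from collections import Counter

def shannon_estimate_bytes(data: bytes) -> float:
    """Order-0 Shannon estimate (256 possible states per byte), in bytes."""
    n = len(data)
    if n == 0:
        return 0.0
    bits_per_byte = sum(c / n * math.log2(n / c) for c in Counter(data).values())
    return bits_per_byte * n / 8

def compression_estimate_bytes(data: bytes) -> float:
    """Size after raw DEFLATE (no zlib header), capped at the input length."""
    if not data:
        return 0.0
    comp = zlib.compressobj(9, zlib.DEFLATED, -15)
    return float(min(len(comp.compress(data) + comp.flush()), len(data)))

def credited_entropy_bytes(data: bytes, attacker_may_predict: bool) -> float:
    """Value to credit for this buffer (hypothetical helper).

    Both estimates are upper bounds, so take the smaller one; if an attacker
    may be able to predict the data, credit 0 as the reply describes.
    """
    if attacker_may_predict:
        return 0.0
    return min(shannon_estimate_bytes(data), compression_estimate_bytes(data))

def constructed_maillog(lines: int = 200) -> bytes:
    """Constructed sample resembling a mail log; not real log data."""
    return "".join(
        f"Nov 14 19:{i // 60:02d}:{i % 60:02d} mailhost sendmail[{1000 + i}]: "
        f"fAEI{i:04d}: from=<user{i % 7}@example.org>, size={500 + i * 13}, "
        f"relay=localhost\n"
        for i in range(lines)
    ).encode()

if __name__ == "__main__":
    log = constructed_maillog()
    print(f"buffer length:        {len(log)} bytes")
    print(f"Shannon (order-0):    {shannon_estimate_bytes(log):.0f} bytes")
    print(f"after compression:    {compression_estimate_bytes(log):.0f} bytes")
    print(f"credited, unobserved: {credited_entropy_bytes(log, False):.0f} bytes")
    print(f"credited, observable: {credited_entropy_bytes(log, True):.0f} bytes")
```

The byte-frequency figure ignores repetition between lines, which is why it comes out far above the compressed size for log-like input. Neither figure can detect data that looks irregular but is known to an attacker, so the choice between crediting the estimate and crediting 0 remains a judgement about the source.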