Steffen DETTMER wrote:
> * Lutz Jaenicke wrote on Fri, Sep 19, 2008 at 16:46 +0200:
>   
>> OpenSSL's internal PRNG uses a 1024 byte pool mixing entropy with
>> SHA-1 so the more bytes are mixed in, the better. At least it cannot hurt
>> to add any input to it as the entropy in the pool can never decrease
>> by mixing in more bytes.
>>     
>
> ok, I just think that at least the last sentence is not
> necessarily correct, namely when the entropy sources depend on
> each other.
>   
We assume independent sources here.

> I guess if SHA-1 is assumed perfect here (and because of
> the kind of mix which is using it) it might be impossible to
> construct the data dependency in a way to abuse that because no
> reversion of SHA-1 should be known, so practically no impact.
>
> But in another (general) case it could harm, for instance in
> worst case the mix function could be an XOR and the dependency of
> input sources could be a symbolic link, leading to infinite zeros
> as entropy. Of course this is very artificial, but maybe other
> dependencies could lead to a weakness of entropy when mixing it
> with dependent/derived entropy?
>   

This seems to be quite artificial. The logic behind it is a bit different:
you can XOR any information into a random stream without reducing
the entropy of the random stream: the stream will look different but
it will be as "unpredictable" as before.
The setup you describe here indeed has a systematic flaw in that
XOR would kill off the entropy from the random stream... From the
mathematical point of view the analysis should still be correct. As
the XORed bytes would be the same as the "random" ones, the "random"
ones would not contain entropy: they are predictably identical to the
XORed bytes.

Having this said: the SHA-1'ed pool should be resistant to this problem.

Best regards,
    Lutz
> oki,
>
> Steffen
>  
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    openssl-users@openssl.org
> Automated List Manager                           [EMAIL PROTECTED]
>   
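
The case argued in this thread, as an added example (not part of the original message and not OpenSSL's code): a plain XOR mixer and a simplified SHA-1 mixer each receive a one-byte secret followed by either a dependent copy of it or an unrelated known byte, and the number of reachable pool states is counted. The 20-byte pool, the one-byte secret and all function names are assumptions made for the illustration.

```python
import hashlib

POOL_SIZE = 20  # assumed toy size (one SHA-1 digest), not OpenSSL's 1024-byte pool


def xor_mix(pool: bytes, data: bytes) -> bytes:
    """Worst-case mixer from the thread: pool XOR data (data zero-padded)."""
    data = data.ljust(len(pool), b"\0")[:len(pool)]
    return bytes(p ^ d for p, d in zip(pool, data))


def hash_mix(pool: bytes, data: bytes) -> bytes:
    """Simplified hash mixer: new pool = SHA-1(old pool || data)."""
    return hashlib.sha1(pool + data).digest()


def dependent(secret: bytes) -> bytes:
    """Second source is the same bytes again (the 'symbolic link' case)."""
    return secret


def independent(secret: bytes) -> bytes:
    """Second source is a known constant unrelated to the secret."""
    return b"\x5a"


def distinct_states(mix, second_source) -> int:
    """Count pool states reachable over all 256 values of a one-byte secret.

    The secret is mixed into an all-zero pool, then second_source(secret)
    is mixed in. log2 of the count is the entropy left in the pool.
    """
    states = set()
    for value in range(256):
        secret = bytes([value])
        pool = mix(bytes(POOL_SIZE), secret)
        pool = mix(pool, second_source(secret))
        states.add(pool)
    return len(states)


if __name__ == "__main__":
    for name, mix in (("xor", xor_mix), ("sha1", hash_mix)):
        print(name,
              "dependent:", distinct_states(mix, dependent),
              "independent:", distinct_states(mix, independent))
```

With XOR the dependent copy collapses all 256 secrets to a single all-zero pool, while the hash mixer keeps 256 distinct states: the repeated input adds no entropy but does not cancel what was already there.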
