David Honig wrote:
> >[I would not feel particularly comfortable merely combining the bits
> >of a single sample -- distilling entropy using a hash function and
> >large blocks of input would probably work out better. I'm sure there
> >will be plenty of opinions around here. --Perry]
>
> A secure hash will only obscure entropy measurement (a good hash gives
> 1bit/symbol *apparent* entropy even if only few input bits change
> infrequently). You must measure your distillate's entropy before
> hashing if you hash.
The purpose of the secure hash is to make sure your entropy is evenly
spread. Clearly you must measure it before this whitening (though I'm
underconvinced you can actually measure entropy in real life - however,
I'm certain you can't after its been whitened).
Cheers,
Ben.
--
http://www.apache-ssl.org/ben.html
"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff
