On Thu, Aug 24, 2000 at 09:53:05PM -0400, Adam Back wrote:
>
>
> Tim writes:
> > At 3:08 PM -0400 8/24/00, Marcel Popescu wrote:
> > >
> > >Speaking of which - does anybody have any hints on how to determine the
> > >entropy of an input string?
> > > [...]
>
> Traditionally CPRNGs pass this problem on the implementor. Ie the
> person collecting the keystrokes, mouse movements and so on.
>
> There is for example code in PGP which looks at inter key press
> timings, and constructs 1st and 2nd order differentials to try to
> avoid stuck keys, people pressing the same key repeatedly etc.
There's also the code in the linux /dev/random implementation, which
keeps a running estimate of the entropy that's beeing added
to the random pool, a byte at a time.
--
Eric Murray http://www.lne.com/ericm ericm at lne.com PGP keyid:E03F65E5
Consulting Security Architect
