On Tue, Sep 11, 2012 at 03:01:25PM -0600, Ian Lepore wrote: > On Tue, 2012-09-11 at 13:09 -0700, David O'Brien wrote: > > Good to see someone have thoughts on this. I've only seen it stated > > that entropy passes thru mostly "untouched" thru a cryptographic hash > > in the literature. ... > Whether the same might be true of a hash is an interesting question, > since it discards information rather than just changing the way it's > encoded.
Ian, This is a key point of Yarrow's design. See http://www.schneier.com/paper-yarrow.ps.gz in 5 'The Generic Yarrow Design an Yarrow-160' The reason is if you take an 'm' bit random value and apply a hash function that produces 'm' bits of output, the result has less than 'm' bits of entropy due to the collisions that occur. This is a very minor effect, and overall results in the loss of at most a few bits of entropy. -- -- David ([email protected]) _______________________________________________ [email protected] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-rc To unsubscribe, send any mail to "[email protected]"
