Carl Ellison (cme@clark.net)
Sun, 12 Jul 1998 20:57:37 -0400 (EDT)
On Sun, 12 Jul 1998, Michael F. Reusch wrote:
> I was wondering when "mixing bad entropy with good entropy results in good
> entropy". If an attacker can feed you things to mix in doesn't this depend
> on the mixing function? Mixing bits is not like mixing gases and the entropy
> can decrease!
> It is pretty clear that for simple bitwise mixing functions AND and OR are
> very bad choices and with XOR the attacker can force you to simply flip your
> bits between uses and this does not sound good.
AND and OR are no good, of course, but XOR is just fine. If the
attacker forces you to flip bits, you aren't hurt and the attacker
learns nothing. Neither of you knows those bits and you don't care
what value they have. All you care about is that no one knows them
or can guess anything about them.
XOR doesn't mix very thoroughly, however, so people often use
cryptographically strong hash functions, like SHA-1, for this mixing.
XOR doesn't carry from one bit to the next but a good hash function
will affect each output bit with each input bit (with probability about
1/2).
- Carl
Carl M. Ellison cme@acm.org http://www.clark.net/pub/cme
PGP: E0414C79B5AF36750217BC1A57386478 & 61E2DE7FCB9D7984E9C8048BA63221A2
``Officer, officer, arrest that man! He's whistling a dirty song.''
Jean Ellison (aka Mother)
The following archive was created by hippie-mail 7.98617-22 on Fri Aug 21 1998 - 17:20:18 ADT
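The mixing behaviour discussed in the message above, as an added example that is not part of the original e-mail: it measures how much entropy a uniformly random secret byte keeps after an attacker-chosen byte is mixed in with XOR, AND or OR, and how many output bits change per flipped input bit for a plain XOR fold versus SHA-1. The function names and the sample pool are assumptions constructed for this illustration.

```python
import hashlib
import math
from collections import Counter

# Bitwise mixers applied to (secret byte, attacker-chosen byte).
OPS = {"xor": lambda s, a: s ^ a, "and": lambda s, a: s & a, "or": lambda s, a: s | a}

def entropy_bits(values):
    """Shannon entropy, in bits, of the empirical distribution of values."""
    counts = Counter(values)
    total = sum(counts.values())
    return -sum(c / total * math.log2(c / total) for c in counts.values())

def mixed_entropy(op_name, attacker_byte):
    """Entropy of op(secret, attacker_byte) for a uniformly random secret byte."""
    op = OPS[op_name]
    return entropy_bits(op(s, attacker_byte) for s in range(256))

def worst_case_entropy(op_name):
    """Lowest output entropy over every byte the attacker could feed in."""
    return min(mixed_entropy(op_name, a) for a in range(256))

def xor_fold(pool):
    """XOR the two halves of pool together; no carry between bit positions."""
    half = len(pool) // 2
    return bytes(x ^ y for x, y in zip(pool[:half], pool[half:]))

def sha1_mix(pool):
    """Hash the whole pool with SHA-1, the function named in the message."""
    return hashlib.sha1(pool).digest()

def mean_flipped_bits(mix, pool):
    """Average number of output bits that change per single-bit input flip."""
    base, total = mix(pool), 0
    for bit in range(len(pool) * 8):
        flipped = bytearray(pool)
        flipped[bit // 8] ^= 1 << (bit % 8)
        out = mix(bytes(flipped))
        total += sum(bin(x ^ y).count("1") for x, y in zip(base, out))
    return total / (len(pool) * 8)

SAMPLE_POOL = bytes(range(40))  # constructed 320-bit input, not real entropy

if __name__ == "__main__":
    for name in OPS:
        print(name, "worst-case entropy:", worst_case_entropy(name), "bits")
    print("xor_fold bits changed per flip:", mean_flipped_bits(xor_fold, SAMPLE_POOL))
    print("sha1 bits changed per flip:", mean_flipped_bits(sha1_mix, SAMPLE_POOL))
```

XOR with any fixed byte is a bijection on the secret, so all 8 bits survive, while AND with 0x00 or OR with 0xFF collapses every secret to one value.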