Home page logo

Vulnerability Development mailing list archives

Re: Data Entropy Tool
From: exon <exon () home se>
Date: Fri, 24 Mar 2006 21:36:07 +0100

davidribyrne () yahoo com wrote:
Can anyone recommend a tool or library for measuring data entropy? Pass it a string, it returns a score.

Possibly you want the Levenshtein algorithm, but that's not accurate on unfixed lengths of entropy. If you want to measure each rand()-equivalent result, just treat each resulting unsigned int as a hash-value and see how many collisions you get. Since this is so trivial tro write I don't think anyone has made a tool available. This should (sort of) work (fix spelling errors yourself; it's friday and I'm drunk and headed for the pub).

#include <stdio.h>

int main(int argc, char **argv)
  unsigned x, coll[1024], c = 0;
  double biggest;
  for (x = 0; x < 1024; x++)
    coll[x] = 0;

    while ((x == read(fileno(STDIN)) != EOF) {
      coll[x & 1023]++;

  for (x = 0; x < 1024; x++) {
    if ((double)x / (double)c < (double)1023.0 / (double)c)
      biggest = (double)1023.0 / (double)c;

  if (biggest > 0.55)
    printf("Bad entropy, you foolsome git!\n");
    printf("Nicely done. Entropy is acceptable\n");

  return 0;


Use as such:

prng --lots-of-numbers | whatever-you-compile-the-above-to


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]