mailing list archives
Re: Data Entropy Tool
From: "Mike Davis" <mdavis () imperfectnetworks com>
Date: Fri, 24 Mar 2006 17:37:53 -0500
this really isnt a sufficient way of measuring entropy, since any
pseudorandom number generator would also pass this test with ease..
if you try to compress an already compressed file for example you will see
almost no compression.. thats not because the contents are truely random..
its just because a pattern was mildly difficult to find..
honestly, if you care about your entropy pool for cryptographic/security
reasons, leave it to the professionals..
as i recommended off list, there is an old package called "diehard" that is
purpose built for testing entropy generation..
it requires large volumes of entropy.. and even then, its hard to tell the
difference between some PRNGs and true entropy..
----- Original Message -----
From: "Tom Vier" <tmv () comcast net>
To: <davidribyrne () yahoo com>
Cc: <vuln-dev () securityfocus com>
Sent: Friday, March 24, 2006 4:25 PM
Subject: Re: Data Entropy Tool
On Thu, Mar 23, 2006 at 04:20:24AM -0000, davidribyrne () yahoo com wrote:
Can anyone recommend a tool or library for measuring data entropy? Pass
it a string, it returns a score.
fwiw: If you just need a rough comparison, compress the output. The lower
the compression ratio, the higher the entropy.
Tom Vier <tmv () comcast net>
DSA Key ID 0x15741ECE