Home page logo

Vulnerability Development mailing list archives

Re: Data Entropy Tool
From: "Mike Davis" <mdavis () imperfectnetworks com>
Date: Fri, 24 Mar 2006 17:37:53 -0500

this really isnt a sufficient way of measuring entropy, since any pseudorandom number generator would also pass this test with ease..

if you try to compress an already compressed file for example you will see almost no compression.. thats not because the contents are truely random..
its just because a pattern was mildly difficult to find..

honestly, if you care about your entropy pool for cryptographic/security reasons, leave it to the professionals..

as i recommended off list, there is an old package called "diehard" that is purpose built for testing entropy generation.. it requires large volumes of entropy.. and even then, its hard to tell the difference between some PRNGs and true entropy..

----- Original Message ----- From: "Tom Vier" <tmv () comcast net>
To: <davidribyrne () yahoo com>
Cc: <vuln-dev () securityfocus com>
Sent: Friday, March 24, 2006 4:25 PM
Subject: Re: Data Entropy Tool

On Thu, Mar 23, 2006 at 04:20:24AM -0000, davidribyrne () yahoo com wrote:
Can anyone recommend a tool or library for measuring data entropy? Pass it a string, it returns a score.

fwiw: If you just need a rough comparison, compress the output. The lower
the compression ratio, the higher the entropy.

Tom Vier <tmv () comcast net>
DSA Key ID 0x15741ECE

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]