Vulnerability Development mailing list archives
Re: Data Entropy Tool
From: "Mike Davis" <mdavis () imperfectnetworks com>
Date: Fri, 24 Mar 2006 17:37:53 -0500
this really isnt a sufficient way of measuring entropy, since any pseudorandom number generator would also pass this test with ease..
if you try to compress an already compressed file for example you will see almost no compression.. thats not because the contents are truely random..
its just because a pattern was mildly difficult to find..honestly, if you care about your entropy pool for cryptographic/security reasons, leave it to the professionals..
as i recommended off list, there is an old package called "diehard" that is purpose built for testing entropy generation.. it requires large volumes of entropy.. and even then, its hard to tell the difference between some PRNGs and true entropy..
-phar----- Original Message ----- From: "Tom Vier" <tmv () comcast net>
To: <davidribyrne () yahoo com> Cc: <vuln-dev () securityfocus com> Sent: Friday, March 24, 2006 4:25 PM Subject: Re: Data Entropy Tool
On Thu, Mar 23, 2006 at 04:20:24AM -0000, davidribyrne () yahoo com wrote:Can anyone recommend a tool or library for measuring data entropy? Pass it a string, it returns a score.fwiw: If you just need a rough comparison, compress the output. The lower the compression ratio, the higher the entropy. -- Tom Vier <tmv () comcast net> DSA Key ID 0x15741ECE
Current thread:
- Data Entropy Tool davidribyrne (Mar 24)
- Re: Data Entropy Tool exon (Mar 24)
- Re: Data Entropy Tool Tom Vier (Mar 24)
- Re: Data Entropy Tool Mike Davis (Mar 24)
- Re: Data Entropy Tool Aaron Turner (Mar 24)
- Re: Data Entropy Tool Shawn Fitzgerald (Mar 24)