Re: Data Entropy Tool

["Mike Davis" <mdavis () imperfectnetworks com>]

this really isnt a sufficient way of measuring entropy,  since any 
pseudorandom number generator would also pass this test with ease..

if you try to compress an already compressed file for example you will see 
almost no compression.. thats not because the contents are truely random..
its just because a pattern was mildly difficult to find..

honestly, if you care about your entropy pool for cryptographic/security 
reasons, leave it to the professionals..

as i recommended off list, there is an old package called "diehard" that is 
purpose built for testing entropy generation..
it requires large volumes of entropy.. and even then, its hard to tell the 
difference between some PRNGs and true entropy..

-phar
----- Original Message ----- 
From: "Tom Vier" <tmv () comcast net>
To: <davidribyrne () yahoo com>
Cc: <vuln-dev () securityfocus com>
Sent: Friday, March 24, 2006 4:25 PM
Subject: Re: Data Entropy Tool


> On Thu, Mar 23, 2006 at 04:20:24AM -0000, davidribyrne () yahoo com wrote:
> > Can anyone recommend a tool or library for measuring data entropy? Pass 
> > it a string, it returns a score.
>
> fwiw: If you just need a rough comparison, compress the output. The lower
> the compression ratio, the higher the entropy.
>
> --
> Tom Vier <tmv () comcast net>
> DSA Key ID 0x15741ECE