![]() ![]() I have read that it's customary to take the hash of the entropy source in order to generate a safe key. Why not just settle for about 128 bits? Won't you get bored rolling 100 dice? Be practical! You almost certainly don't need 256 bits of entropy anyway. Or alternatively and much more practically, you could just convince yourself that the 100 dice rolls, even if somewhat unfair, are actually way more than enough to provide adequate security. In such cases you might need more than 100 dice rolls to get to a full 256 bits of entropy. ![]() Then each roll has a min-entropy of $-log_2(17/100) = 2.556$ bits, so 100 rolls give you $255.6$ bits of entropy-just short of 256 bits. In the case of an unbalanced dice, imagine for the sake of argument that a six is the most likely outcome, and the probability of rolling it is not 1/6 ($16.\overline\%$), but rather 17/100 ($17\%$). (Shaking the dice vigorously in a dice cup is said to improve the fairness of rolls.) The dice are rolled in a way that doesn't really randomize the results.(Casinos use special dice designed to be more balanced than ordinary dice.) The dice are unbalanced, so that one side is heavier than the others, and thus the side opposite to that one is disproportionately likely.The more complex case comes when the dice rolls aren't fair: Each roll of a fair six-sided die has $log_2(6) = 2.58$ bits of entropy, so you need 100 rolls from six-sided dice to get to the 256-bit mark. ![]() You should concatenate (not add!) the results in the exact order you get them. The reason is simple: an adversary who can't snoop on the dice rolls can't guess the results in any reasonable amount of time either. If you roll enough dice, the rolls are fair, and no adversary can monitor them, it is cryptographically secure. I have a 256bit fully random entropy source from dices, which is probably not cryptographically secure. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |