Re: [RFC][PATCH] Make cryptoapi non-optional?

From: Matt Mackall
Date: Thu Aug 14 2003 - 21:25:13 EST

Next message: Charles Lepple: "Re: finding which pci device works as ide controller for root fs"
Previous message: mouschi: "Interesting VM feature?"
In reply to: David Wagner: "Re: [RFC][PATCH] Make cryptoapi non-optional?"
Next in thread: Andries Brouwer: "Re: [RFC][PATCH] Make cryptoapi non-optional?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, Aug 15, 2003 at 01:45:45AM +0000, David Wagner wrote:
> Val Henson wrote:
> >On Thu, Aug 14, 2003 at 07:40:25PM +0000, David Wagner wrote:
> >> I don't see where you are getting this from. Define
> >> F(x) = first80bits(SHA(x))
> >> G(x) = first80bits(SHA(x)) xor last80bits(SHA(x)).
> >> What makes you think that F is a better (or worse) hash function than G?
> >
> >See Matt Mackall's earlier post on correlation, excerpted at the end
> >of this message. Basically, with two strings x and y, the entropy of
> >x alone or y alone is always greater than or equal to the entropy of x
> >xored with y.
> >
> >entropy(x) >= entropy(x xor y)
> >entropy(y) >= entropy(x xor y)
>
> Sorry; that's not accurate. Here's a counterexample. Let x and y be
> two 80-bit strings. Assume that x is either 0 or 1 (equal probability
> for both possibilities). Assume y is either 0 or 2 (equal probability
> for both possibilities), and is independent of x. Then
> entropy(x) = 1 bit
> entropy(y) = 1 bit
> entropy(x xor y) = 2 bits

Indeed. But here we're already assuming the entropy of x and y are
approximately the same as their size.

> The difference between F and G is very small, and there is not much
> basis for choosing one over the other.

The debate is really about the merits of F vs the original hash, and
it only came up because I had taken out the folding when trying to
benchmark $subject. My current code gets around that whole debate by
using F for /dev/random and (almost all of) the original hash for
/dev/urandom so we have both paranoid and fast. Now can we please
discuss the merits of $subject?

See this:

http://groups.google.com/groups?hl=en&lr=&ie=UTF-8&selm=jW3A.6xq.3%40gated-at.bofh.it&rnum=1

--
Matt Mackall : http://www.selenic.com : of or relating to the moon
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Charles Lepple: "Re: finding which pci device works as ide controller for root fs"
Previous message: mouschi: "Interesting VM feature?"
In reply to: David Wagner: "Re: [RFC][PATCH] Make cryptoapi non-optional?"
Next in thread: Andries Brouwer: "Re: [RFC][PATCH] Make cryptoapi non-optional?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]