Re: [RFC][PATCH] Make cryptoapi non-optional?

[Jamie Lokier]

Matt Mackall wrote:
> No, it's a premise stated at the beginning of the thread. We're
> assuming perfect distribution for x and y. The problem here is that x
> and y can be dependent or independent. If they're independent, then
> there's no issue. If they're dependent (for instance correlated or
> anticorrelated) then x^y biases toward zero or one. Which clearly has
> less entropy.

Sure, but that only holds when you assume a specific mix of
independence and dependence among the bits.

(Bits within x are independent of each other, and also within y, while
at the same time x and y are dependent.)

In general, bits from x^y do not have more bias towards zero or one
than bits from x or y alone.  Consider an extreme:

   x = [ random_bit_0, random_bit_0 ]
   y = [ random_bit_1, ~random_bit_1 ]

Then:

   entropy(x) = entropy(y) = 1
   entropy(x^y)            = 2

This is no more arbitrary a mix of dependence and independence than
your assumption.

-- Jamie
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/