Re: [RFC][PATCH] Make cryptoapi non-optional?

[David Wagner]

Val Henson  wrote:
>If entropy(x) == entropy(y), then:
>
>entropy(x) >= entropy(x xor y)
>entropy(y) >= entropy(x xor y)

No, that's still wrong.  Please see my earlier email with a counterexample.
That counterexample disproves not only the earlier claim, but also this more
recent revised claim.

Let x and y be two 80-bit strings.  Assume that x is either 0 or 1
(equal probability for both possibilities).  Assume y is either 0 or 2
(equal probability for both possibilities), and is independent of x.  Then
  entropy(x) = 1 bit
  entropy(y) = 1 bit
  entropy(x xor y) = 2 bits

Again, I believe there is little basis to distinguish between taking the
first half of SHA vs. xor-ing both the halves of SHA.  One can come up with
scenarios where one or the other is better, but there is little basis for
believing that one of those scenarios is especially more likely than the
other.

In short, we're arguing about how many angels can fit on a pinhead.
There are far better things to be worrying about.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/