Luigi Rosa wrote: >> Is this a meaningful statement? How do you measure the "entropy" of a >> seed (which I take to be a string)? And if you can, is it true that you >> can decrypt a string with low entropy? You deleted the statement I queried. Here it is "With headless and/or virtual servers the issue is even bigger because Linux could not be able to collect enough entropy to seed /dev/urandom" > The mathematic behind a PRNG (or DRNG to use NIST terminolgy) + Elliptic > Curve falls beyond my comprehension, so I have to take for granted what > experts say. I don't believe in "proof by expertise". You used the work "entropy". I'm asking what you mean by it. > The link to PDF I qoted in my previous message goes deep in detail, you > can refer to that paper if you need more informations. You used the word. I'm asking what you meant by it. > There are some models that define or analyze if a sequence is "randomic" > you can google around or take a look at > http://www.issihosts.com/haveged/ais31.html The nearest this comes to a definition of "empirical" entropy is "Accumulate the nearest predecessor distance between byte values in a 256000 + 2560 bit sequence and calculate the empirical entropy" On this basis the digits of pi are random, in which case it would be easy to supply random numbers. -- Timothy Murphy e-mail: gayleard /at/ eircom.net School of Mathematics, Trinity College, Dublin 2, Ireland