[cryptography] Mobile Devices and Location Information as Entropy?

Jon Callas jon at callas.org
Sat Apr 2 22:20:51 EDT 2011


> If you only use the LSB/digit then it's not a concern since those
> numbers have a cycle of tens of meters and on top of that there is
> daily inaccuracy injected by design (not to be confused with jitter
> which was removed from the code 10 years ago)...

It is in my opinion a mistake to try to infer from a lightly entropic source where the entropy is. Take *everything* that you think might useful and run it through a hash function. Thinking that the entropy is in the low bits is a mistake. Hash functions exist for a purpose. Use them.

	Jon




More information about the cryptography mailing list