[cryptography] Mobile Devices and Location Information as Entropy?

Kevin W. Wall kevin.w.wall at gmail.com
Sat Apr 2 23:24:33 EDT 2011


On 04/02/2011 10:20 PM, Jon Callas wrote:
>> If you only use the LSB/digit then it's not a concern since those
>> numbers have a cycle of tens of meters and on top of that there is
>> daily inaccuracy injected by design (not to be confused with jitter
>> which was removed from the code 10 years ago)...
> 
> It is in my opinion a mistake to try to infer from a lightly
> entropic source where the entropy is. Take *everything* that you
> think might useful and run it through a hash function. Thinking
> that the entropy is in the low bits is a mistake. Hash functions
> exist for a purpose. Use them.

Of course, if the GPS is tracking the random walk of a drunken
sailor, you might be OK in terms of your entropy. (Sounds like
an experiment is in order. ;-)

-kevin
-- 
Kevin W. Wall
"The most likely way for the world to be destroyed, most experts agree,
is by accident. That's where we come in; we're computer professionals.
We cause accidents."        -- Nathaniel Borenstein, co-creator of MIME



More information about the cryptography mailing list