From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail.saout.de ([127.0.0.1]) by localhost (mail.saout.de [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id r0r42HgKkUzG for ; Sun, 9 Sep 2012 23:40:11 +0200 (CEST) Received: from v4.tansi.org (ns.km33513-03.keymachine.de [87.118.94.3]) by mail.saout.de (Postfix) with ESMTP for ; Sun, 9 Sep 2012 23:40:10 +0200 (CEST) Received: from gatewagner.dyndns.org (84-72-142-78.dclient.hispeed.ch [84.72.142.78]) by v4.tansi.org (Postfix) with ESMTPA id 5EEFE1404001 for ; Sun, 9 Sep 2012 23:40:10 +0200 (CEST) Date: Sun, 9 Sep 2012 23:40:09 +0200 From: Arno Wagner Message-ID: <20120909214009.GA9465@tansi.org> References: <20120909004109.GA6421@tansi.org> <504C5300.5030102@gmail.com> <20120909133512.GA27154@tansi.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20120909133512.GA27154@tansi.org> Subject: Re: [dm-crypt] Key-Slot Checker Tool List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: dm-crypt@saout.de On Sun, Sep 09, 2012 at 03:35:12PM +0200, Arno Wagner wrote: > On Sun, Sep 09, 2012 at 10:27:44AM +0200, Milan Broz wrote: [...] > > (And the same random test perhaps should be in tests for large > > enough blocks - see tests/differ.c, there is nice fixme :-) > > Will have a look. Question for that, is the "R" option one random thing replaced with another random thing? If so, I can fix that test by XORing both and calculating entropy on the result. Will still require -lm for the log() though. And an update on the 0.85 threshold: I have checked 10 Million random 512B blocks and the sample entroy never went below 0.92. For larger blocks the probability will be even lower. I think 0.85 is quite adequate as threshold. However, the test in differ.c will probably need to go back to a count of differing bits for blocks significantly smaller than 512B or use a lower threshold. Is it used for small blocks, e.g. keys? Arno > > I am just not sure introducing floating point in libcryptsetup > > is good idea. > > While this can be done without, it is really hard. Basically > you eiher need to simulate the logarithm in fixed-point integer > or build up huffman tree as direct entropy estimator. Easiest way > would probably be fixed-point and a 1000-entry table for the > log(). > > > But perhaps this can be compile time option, > > if some ancient/embedded CPU/distro has problems here, > > so it can be compiled-out. > > I like that idea much better. > > So, next step, make it use luks.h and put it in misc/ ? > > Arno > -- > Arno Wagner, Dr. sc. techn., Dipl. Inform., Email: arno@wagner.name > GnuPG: ID: 1E25338F FP: 0C30 5782 9D93 F785 E79C 0296 797F 6B50 1E25 338F > ---- > One of the painful things about our time is that those who feel certainty > are stupid, and those with any imagination and understanding are filled > with doubt and indecision. -- Bertrand Russell > _______________________________________________ > dm-crypt mailing list > dm-crypt@saout.de > http://www.saout.de/mailman/listinfo/dm-crypt > -- Arno Wagner, Dr. sc. techn., Dipl. Inform., Email: arno@wagner.name GnuPG: ID: 1E25338F FP: 0C30 5782 9D93 F785 E79C 0296 797F 6B50 1E25 338F ---- One of the painful things about our time is that those who feel certainty are stupid, and those with any imagination and understanding are filled with doubt and indecision. -- Bertrand Russell