well hang on
do you mean "the entropy is guaranteed to be so vast as to be incalculable"
and if so, can we verify that guarantee?
Discussion
Yes.
Did you ever try opening a wabisabi round with a Boltzman tool? It either says "N/A" or it just crashes.
i mean
a tool crashing isnt precisely a guarentee 😂
my point is just that end users should be able to verify their privacy gains before using whatever tool
idk, how could the end user verify the quality of RSA 512 bit keys?
idk, try and factor them?
so it IS "trust me bro" in that same way.
in that the end user relies in the implementation and theory and can't independently verify.
it does seem like a problem to me in the case of smaller projects.
Entropy is never guaranteed
Entropy is the average uncertainty and we can trust averages to be average
Security relies on min-entropy, not Shannon entropy. Min-entropy bounds the worst case: the probability of the *most likely* interpretation, not the average.
Since H_min ≤ H_Shannon, proving high Shannon entropy guarantees even the adversary's best guess has astronomically low probability. We're not trusting averages, we're using the average as an upper bound on the maximum.