[Bro-Dev] Changes in entropy computation code.

Seth Hall seth at icir.org
Wed Oct 5 06:06:43 PDT 2011

On Oct 5, 2011, at 8:31 AM, Rakesh Gopchandani wrote:

> However, there is an issue with how the entropy is being computed.

This is well outside of my expertise, but your change is in opposition to how ENT[1] does it.  

-			ent += prob[i] * rt_log2(1 / prob[i]);
+			ent += prob[i] * rt_log2(prob[i]);

I just went back and verified and it looks like the original line is how it's done.

> Also, I needed a special bif to compute entropy for strings of a specified length, so added that too. 

I would rather not integrate this.  My suggestion would be to trim the string with the sub_bytes BiF before passing it to the find_entropy function.


1. http://www.fourmilab.ch/random/

Seth Hall
International Computer Science Institute
(Bro) because everyone has a network

More information about the bro-dev mailing list