Official LSV Web Site


An entropy checker for ciphered network connections

See for updates and downloads.

Sample figures:

Net-Entropy relies on the randomness property of cryptographic algorithms. A perfectly random infinite byte string has a statistical entropy that tends to 8 bits per byte. Figure 1 shows the average estimated statistical entropy computed from small random messages.

Figure 1: Average statistical entropy estimated from small random messages

The perfect case shown in Figure 1 does not quite hold in real-world cryptographic applications. This is essentially due to cryptographic protocols, which insert plaintext messages for connection setup and key establishment. These messages bias the byte distribution of the whole exchanged data and so decrease the entropy. Figure 2 shows the entropy of an HTTPS connection (HTTP secured with SSL/TLS). The key establishment explains the initial low entropy, and the slower growth once the content data are ciphered.

Figure 2: Statistical entropy for a HTTPS connection

Figure 3 shows the entropy of an HTTPS connection attacked with an exploit for an OpenSSL flaw (BugTraq ID 5363). Data generated by the attack reduces the connection entropy.

Figure 3: Statistical entropy for an Apache/SSL attack connection

For additional information, Figure 4 shows the entropy of connections using plaintext protocols such as HTTP, SMTP and TELNET.

Figure 4: Statistical entropy of plain data (HTTP, SMTP, TELNET)
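The behaviour described for Figures 1 to 3 can be reproduced with the following added Python example, which is not Net-Entropy's code and not part of the original page. It computes the cumulative Shannon entropy of a byte stream; all streams are constructed (seeded PRNG output stands in for ciphertext, repeated ASCII text for protocol setup, a run of identical bytes for non-random attack data), and every name in it is an assumption.

```python
import math
import random
from collections import Counter

def byte_entropy(data: bytes) -> float:
    """Shannon entropy of the byte-value distribution, in bits per byte (0 to 8)."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def entropy_curve(stream: bytes, step: int = 256):
    """Cumulative entropy of a connection after every `step` bytes.

    Byte counts are updated incrementally, as a passive monitor would do
    packet by packet. Returns a list of (bytes_seen, entropy) points.
    """
    counts, seen, points = Counter(), 0, []
    for off in range(0, len(stream), step):
        chunk = stream[off:off + step]
        counts.update(chunk)
        seen += len(chunk)
        h = -sum(c / seen * math.log2(c / seen) for c in counts.values())
        points.append((seen, h))
    return points

def final_entropy(stream: bytes) -> float:
    """Entropy of the whole stream, taken from the last point of its curve."""
    return entropy_curve(stream)[-1][1]

# --- constructed sample data (not captured traffic) ---
_rng = random.Random(2024)  # seeded PRNG standing in for cipher output

def pseudo_random(n: int) -> bytes:
    return bytes(_rng.getrandbits(8) for _ in range(n))

SETUP = b"constructed plaintext handshake " * 32     # 1024 bytes of setup text
CIPHERED = pseudo_random(8192)                        # random data only (Figure 1)
TLS_LIKE = SETUP + pseudo_random(8192 - len(SETUP))   # plaintext setup, then random (Figure 2)
ANOMALOUS = TLS_LIKE + b"A" * 4096                    # non-random data appended (Figure 3)

if __name__ == "__main__":
    streams = [("ciphered", CIPHERED), ("tls-like", TLS_LIKE), ("anomalous", ANOMALOUS)]
    for name, stream in streams:
        curve = entropy_curve(stream, step=2048)
        print(f"{name:10s}", " ".join(f"{n}:{h:.2f}" for n, h in curve))
```

A message of N < 256 bytes can contain at most N distinct values, so its entropy is bounded by log2(N) however random the source is; this is why the curve for small random messages sits below 8 bits per byte.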
