[Majromax]

> If you have a 1gig file generated from a 128bit seed, then the apparent uncertainty (1gig) is much higher than the actual uncertainty (128bit).

More than that, since you also need to specify the algorithm used for the prng. Your true entropy is the 128-bit key plus the Kolmogorov complexity (https://en.wikipedia.org/wiki/Kolmogorov_complexity) of the generating algorithm.

This is also a good example of how information-theoretic entropy can change based on our prior knowledge. If we already know the generating algorithm, then the entropy is just the 128-bit key.

> But since it's so very hard to undo the prng, it will behave very closely to something with 1gig of actual uncertainty.

No, not really. A one-time pad with 1Gb of actual uncertainty is not made weaker by disclosing 128 bits of entropy. However, 1Gb of PRNG data is made weaker (broken) by disclosing the 128-bit key if the algorithm is known.

We can practically equate the two because inverting the 128-bit system is just as impossible (absent a quantum computer large/fast enough to take 2^64 operations) within the age of the universe as inverting the 1Gb system.

[sfink]

Sure, but the thought experiment is more that you write down 128 bits, generate the 1gb, then eat the paper containing the 128 bits. You now have 1gb that behaves a lot like it is 1gb of entropy, even though it still isn't.

[im3w1l]

I think the concept I mentioned, apparent uncertainty, can be formalized by referencing efficient algorithms. Something like "no efficient algorithm can tell apparent uncertainty and actual uncertainty apart".