Re: One real life secure random generator

Ben Laurie (ben@algroup.co.uk)
Tue, 14 Jul 1998 23:27:31 +0100

• Next message: Paulo Barreto: "Re: Elliptical Curve Encryption"
• Previous message: Carl Ellison: "pools of entropy"
• Next in thread: Carl Ellison: "Re: One real life secure random generator"
• Reply: Carl Ellison: "Re: One real life secure random generator"

Bill Frantz wrote:
> Someone else, and I'm sorry I don't have the email here to quote, suggested

It was I.

> that capturing entropy from mouse events would not generate good entropy.
> There are actually several sources of hard-to-predict entropy in mouse events:
>
> (1) While the user may only be selecting a small number of menu items, the
> actual pixels they select are much harder to reproduce. One way of testing
> this is to instrument a UI to display to last pixel selected (on mouse down
> or mouse up) in some corner of the window. Then see how easy it is to
> select the same pixel each time.

This is really agreeing with me: I said that using mouse up/down events
tended to reduce the entropy of the position data. There's nothing wrong
with that, of course, so long as it is taken into account.

> (2) The value of the CPU counter when the mouse down/up event occurs
> depends on when the user actually provided the input. While this time may
> be quantitized by the mouse scanning routines, differences of 1/10 a second
> are easily within the expected variance of user response, giving a source
> of hard-to-predict entropy.

Good point.

> If you need to gather a lot of entropy quickly, mouse tracking, where you
> (or the OS) poll the mouse location 20 times a second or so, is the way to
> go. This technique is what PGP 5.x uses. However, it uses a lot of CPU,
> so it expensive when you are in the, "let's add more entropy because we're
> paranoid" mode and have an application which can use all the CPU on its own.

My idea was to poll the mouse once every second or so, rather than 20
times a second. This would reduce the loss of entropy because of
predictable mouse positions without severe overhead. Even better would
be to do it during idle processing (if you are in no hurry to get the
entropy).

Cheers,

Ben.

-- 
Ben Laurie            |Phone: +44 (181) 735 0686| Apache Group member
Freelance Consultant  |Fax:   +44 (181) 735 0689|http://www.apache.org/
and Technical Director|Email: ben@algroup.co.uk |
A.L. Digital Ltd,     |Apache-SSL author     http://www.apache-ssl.org/
London, England.      |"Apache: TDG" http://www.ora.com/catalog/apache/
WE'RE RECRUITING! http://www.aldigital.co.uk/recruit/

• Next message: Paulo Barreto: "Re: Elliptical Curve Encryption"
• Previous message: Carl Ellison: "pools of entropy"
• Next in thread: Carl Ellison: "Re: One real life secure random generator"
• Reply: Carl Ellison: "Re: One real life secure random generator"