Other Directory Sites: SeekWonder | Directory Owners Forum
The following archive was created by hippie-mail 7.98617-22 on Fri Aug 21 1998 - 17:20:25 ADT
Enzo Michelangeli (em@who.net)
Thu, 16 Jul 1998 07:17:40 +0800
-----Original Message-----
From: Michael Paul Johnson <mpj@ebible.org>
To: CodherPlunks@toad.com <CodherPlunks@toad.com>
Date: Thursday, July 16, 1998 12:50 AM
Subject: Re: One real life secure random generator
[...]
>In Microsoft Windows, mouse movements cause a series of mouse movement
>messages (essentially one everytime the mouse cursor is redrawn). Tapping
>into this message stream with a quick function to hash the mouse XY
>coordinates and time into a "random" pool of bytes is quite effective, and
>makes for an insignificant amount of overhead, even if you leave that
>process active all the time. The message rate tends to slow down if the
>system is heavily loaded, and speed up if it is not, but you still maximize
>the entropy collected by getting all of these "mouse squeaks." Although
>consecutive mouse squeaks are generally near each other, the hash of the
>path of the mouse taken in signing a name or scribbling is EXTREMELY hard
>to reproduce, even if you try -- especially with the time element and
>variations in Windows loading taken into account.
Well, yes, but the difficulty added by hashing is computational, and does
not change the entropy. In order to gauge the latter, e.g. estimating the
bits contributed by each sample, we should consider the correlation
between squeaks. (I'm here speaking of "correlation" in loose terms, not
referring to the narrow mathematical definition as expected value of the
product, which only spots linear statistical dependencies.)
Enzo
The following archive was created by hippie-mail 7.98617-22 on Fri Aug 21 1998 - 17:20:25 ADT