Re: One real life secure random generator

New Message Reply About this list Date view Thread view Subject view Author view

Michael Paul Johnson (mpj@ebible.org)
Wed, 15 Jul 1998 09:23:43 -0600


At 10:56 AM 7/15/98 +0100, Ben Laurie wrote:
>Carl Ellison wrote:
>>
>> -----BEGIN PGP SIGNED MESSAGE-----
>>
>> At 11:27 PM 7/14/98 +0100, Ben Laurie wrote:
>> >My idea was to poll the mouse once every second or so, rather than 20
>> >times a second. This would reduce the loss of entropy because of
>> >predictable mouse positions without severe overhead. Even better would
>> >be to do it during idle processing (if you are in no hurry to get the
>> >entropy).

In Microsoft Windows, mouse movements cause a series of mouse movement
messages (essentially one everytime the mouse cursor is redrawn). Tapping
into this message stream with a quick function to hash the mouse XY
coordinates and time into a "random" pool of bytes is quite effective, and
makes for an insignificant amount of overhead, even if you leave that
process active all the time. The message rate tends to slow down if the
system is heavily loaded, and speed up if it is not, but you still maximize
the entropy collected by getting all of these "mouse squeaks." Although
consecutive mouse squeaks are generally near each other, the hash of the
path of the mouse taken in signing a name or scribbling is EXTREMELY hard
to reproduce, even if you try -- especially with the time element and
variations in Windows loading taken into account.


New Message Reply About this list Date view Thread view Subject view Author view

 
All trademarks and copyrights are the property of their respective owners.

Other Directory Sites: SeekWonder | Directory Owners Forum

The following archive was created by hippie-mail 7.98617-22 on Fri Aug 21 1998 - 17:20:24 ADT