Ray Arachelian (sunder@brainlink.com)
Thu, 30 Jul 1998 12:35:25 -0400
Well yeah, it's a question of the slope of the line, the length in pixels on
your screen (10cm on mine is different than on yours), what time of the day you
move it, how fast you do it, do you do it smoothly in one stroke, or do you
accelerate/decelerate -- and where? etc...) :)
(Not saying that the implementation is any good since I've not looked at it, -
the applet crashed with a null pointer exception, so based on that, the PRNG
they use likely is very lame, but I am just stating that there are a lot of
variables there to work from that could be had from moving the mouse...)
Peter Gutmann wrote:
>
> I've just been informed of another example of a very questionable RNG. Have a
> look at https://spk-ihb.izb-hb.de/SPK_Forchheim/index.html, the first thing
> you'll be asked to do is move your mouse a bit to generate a 128-bit session
> key for use in Internet banking. Apparently moving your mouse in a 10cm
> straight line is enough to generate 128 bits of entropy. Java types may want
> to look at this in a bit more detail.
>
> Peter.
>
--=====================================Kaos=Keraunos=Kybernetos============== .+.^.+.| Ray Arachelian |Prying open my 3rd eye. So good to see |./|\. ..\|/..|sunder@sundernet.com|you once again. I thought you were |/\|/\ <--*-->| ------------------ |hiding, and you thought that I had run |\/|\/ ../|\..| "A toast to Odin, |away chasing the tail of dogma. I opened|.\|/. .+.v.+.|God of screwdrivers"|my eye and there we were.... |..... ======================= http://www.sundernet.com ==========================
The following archive was created by hippie-mail 7.98617-22 on Fri Aug 21 1998 - 17:21:02 ADT