Board Development & Technical Discussion
Re: Using mouse input for extra entropy
by
PrimeNumber7
on 23/08/2019, 05:12:14 UTC
A compromised computer producing not truly random numbers is unlikely to produce a collision after two 'random' events. It will rather produce random numbers in a smaller space. The output will appear random without testing, but someone with knowledge of the specific space in which the numbers will be generated will be able to generate a collision with fairly low effort.

The movement of the mouse is intended to counter the above risk by adding user-specific randomness to create a larger space of possible private keys even if the computer's random function is compromised.

If the computer/OS random function (such as /dev/random) is compromised, then that means your computer most likely is compromised as well, since you need superuser access to compromise it.
Besides, good entropy won't help if the output is biased.
Using your mouse for additional 'randomness' will only help against a narrow subset of possible attacks, but one that is difficult to detect.

This might help you if you are using an 'offline' computer to generate private keys that has previously been exposed to the internet, but that will not be connected to the internet in the future. An attacker may anticipate this and mess with the /dev/random function and nothing else.

I understand this private key generation will take both the output from the /dev/random and the mouse movements converted into a number, and display a private key based on both. So if the /dev/random produces the same output two times, the difference in mouse movements will cause the software to produce two private keys.
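The combination described above, as an added example that is not from this thread or from any wallet software discussed in it: the OS randomness and the serialized mouse events are mixed with HMAC-SHA256 (an HKDF-extract shape, my assumption for the mixing step), the result is range-checked against the secp256k1 group order as a Bitcoin private key would be, and a constructed weak RNG with only 16 possible outputs stands in for the compromised /dev/random. The event format and the function names are assumptions for the demonstration.

```python
import hashlib
import hmac
import secrets

# secp256k1 group order n (well-known constant): a valid private key k satisfies 1 <= k < n.
SECP256K1_N = int(
    "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141", 16
)


def mouse_events_to_bytes(events):
    """Serialize constructed (x, y, timestamp_ns) samples with fixed-width fields,
    so two different event lists can never serialize to the same byte string."""
    out = bytearray()
    for x, y, t_ns in events:
        out += x.to_bytes(4, "big", signed=True)
        out += y.to_bytes(4, "big", signed=True)
        out += t_ns.to_bytes(8, "big")
    return bytes(out)


def combine_entropy(os_random: bytes, user_entropy: bytes) -> bytes:
    """Mix OS RNG output and user entropy into 32 bytes (assumed construction).
    HMAC keyed with the OS bytes over the user bytes: if either input is
    unpredictable to the attacker, the 32-byte result is as well."""
    return hmac.new(os_random, user_entropy, hashlib.sha256).digest()


def derive_private_key(os_random: bytes, mouse_events) -> int:
    """Return an integer private key derived from both sources, or raise if the
    candidate falls outside the valid secp256k1 range (astronomically rare)."""
    seed = combine_entropy(os_random, mouse_events_to_bytes(mouse_events))
    k = int.from_bytes(seed, "big")
    if not 1 <= k < SECP256K1_N:
        raise ValueError("candidate outside key range; collect more entropy and retry")
    return k


class WeakRng:
    """Constructed stand-in for a compromised /dev/random: output looks random
    but is drawn from only `space` fixed 32-byte values."""

    def __init__(self, space: int = 16):
        self._values = [
            hashlib.sha256(b"small-space-rng" + i.to_bytes(1, "big")).digest()
            for i in range(space)
        ]

    def read(self, n: int = 32) -> bytes:
        return secrets.choice(self._values)[:n]


def distinct_outputs(rng: WeakRng, draws: int) -> int:
    """Count how many distinct values the RNG yields over `draws` reads:
    a small count is the collision risk the post describes."""
    return len({rng.read() for _ in range(draws)})


if __name__ == "__main__":
    weak = WeakRng()
    print("distinct weak-RNG outputs over 200 draws:", distinct_outputs(weak, 200))

    # Constructed: the compromised RNG returns the same bytes on two key generations,
    # but the user's mouse movements differ between the two sessions.
    same_os_output = weak.read()
    session_a = [(120, 340, 1_000_000), (125, 338, 1_016_000), (131, 330, 1_032_000)]
    session_b = [(120, 340, 1_000_000), (124, 339, 1_015_000), (131, 330, 1_032_000)]
    key_a = derive_private_key(same_os_output, session_a)
    key_b = derive_private_key(same_os_output, session_b)
    print("keys differ despite identical OS randomness:", key_a != key_b)
```

The range check matters in practice: a raw 256-bit value is not automatically a valid private key, so a generator must reject (and regenerate for) candidates of zero or at least n. The weak RNG here is only a model of the failure mode; against a real compromise the mixing step is only as good as the unpredictability of the mouse samples actually collected.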