Ninjastic
PostEdited versionsQuotes to this post
Post
Topic
Board Development & Technical Discussion
Re: Using mouse input for extra entropy
by
AndreyVen
on 05/09/2019, 02:20:56 UTC
Quote from: PrimeNumber7 on August 23, 2019, 05:12:14 AM
Quote from: ETFbitcoin on August 21, 2019, 08:27:24 AM
Quote from: PrimeNumber7 on August 21, 2019, 07:00:19 AM
A compromised computer producing not truly random numbers is unlikely to produce a collusion after two 'random' events. They will rather produce random numbers in a smaller space. The output will appear random without testing, but someone with knowledge of the specific space numbers will be generated will be able to generate a collusion with fairly low effort.

The movement of the mouse is intended to counter the above risk in adding user specific random to create a larger space of possible private keys even if the computer's random function is compromised.

If computer/OS random function (such as /dev/random) is compromised, then that means your computer most likely is compromised as well since you need superuser access to compromise it.
<>
Besides, good entropy won't help if the output is biased.
Using your mouse for additional 'randomness' will only help against a narrow subset of possible attacks, but one that is difficult to detect.

This might help you if you are using an 'offline' computer to generate private keys that has previously been exposed to the internet, but that will not be connected to the internet in the future. An attacker may anticipate this and mess with the /dev/random function and nothing else.

I understand this private key generation will take both the output from the /dev/random and the mouse movements converted into a number, and display a private key based on both. So if the /dev/random produces the same output two times, the difference in mouse movements will cause the software to produce two private keys.

The duration of mouse movements play a huge role as well. It gets exponentially more secure the longer you move your mouse around. every movement of the mouse so to say makes its predictability increasingly more difficult. So even if you move the mouse in a predictable manner for 10 seconds, if you move it in a non-standard way for 1 additional movement it becomes practically impossible to predict. Now do this for 30 seconds and you see where this is going. I don't have the math for this at hand right now, but it is simple statistics.