In a message dated 96-03-13 18:35:51 EST, Matt Blaze writes:
I would go even further than this. I wouldn't trust ANY environmentally-based random source (cycle spinner, keyboard timer, disk noise, whatever) against adversaries on the same system.
In DOS, the keyboard, mouse, and disk drives run on interrupts, not timers. If you use a timer as a spinner, such as the Windows GetCurrentTime() function, (I MSec. resolution) and check its value each time a key is pressed and released, It would appear that the results should be quite random, because the keystroke is not processed in conjunction with the timer, but rather whenever the interrupt occurs. My tests in this area indicate that any 8 bit value can be achieved with this method, with a fairly uniform distribution. My tests are not thorough (I haven't sat down and typed for 2 hours to test the distribution of the output), but results look reasonably good so far. Jonathan Wienke