Ed Carp writes:
Also add that many people seem to tend to swirl the mouse in fast circles, where there isn't *any* latency between mouse movements, and you get even less entropy. I suspect that Colin Plumb's code, while a nice try, would be a bit less useful than might have been otherwise suspected.
Colin's code, independent of implementation, simply uses MD5 as a block cipher to "launder" bit-streams that contain non-uniform distributions of true random data. See "Truly Random Numbers" in Dr. Dobb's Journal, November 1994, p. 113. How much entropy you get out depends entirely on what you feed in.

I've put my code up on the cypherpunks ftp site, but I'm still waiting to hear back from the site maintainers as to its final location. In any case, that code uses the mouse _position_ and system timings in microseconds as input to the MD5 engine. So swirling the mouse should provide a good source of random input, better the faster it's moved.

However, any code that generates random session keys should properly include routines to estimate the amount of entropy collected, and not generate a 128-bit key until at least 128 bits of entropy have been fed into the pool. This is a non-trivial problem, although PGP makes a good stab at it. To my knowledge, CryptDisk does not include this feature, and really ought to. For my own purposes in Curve Encrypt, this is not necessary, since I don't generate session keys, only salts.

-- Will
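As an added example (not Will's code, Colin Plumb's, or CryptDisk's), here is the pool-plus-estimator the reply describes, in Python: mouse position and microsecond timing are mixed into an MD5 state, but a 128-bit key is released only once a conservative estimate has credited 128 bits of entropy. The estimator is an assumption standing in for PGP's: it credits the smallest of the first-, second- and third-order timing differences (the idea behind Linux's add_timer_randomness), so the constructed "perfect swirl" stream illustrates Ed's point by mixing in data while earning no credit.

```python
import hashlib
import math
import random

KEY_BITS, MAX_CREDIT = 128, 8   # key threshold; cap on bits one event may earn

class EntropyPool:
    def __init__(self):
        self.state = hashlib.md5()   # MD5 as the "laundering" mixer
        self.credited_bits = 0
        self.times = []              # last four event timestamps (microseconds)
    def add_mouse_event(self, x, y, t_us):
        # Position and timing are always mixed in, whether credited or not.
        self.state.update(f"{x},{y},{t_us}".encode())
        credit = self._timing_credit(t_us)
        self.credited_bits += credit
        return credit
    def _timing_credit(self, t_us):
        # Credit only the unpredictable part of the timing: the smallest of the
        # first-, second- and third-order differences (assumed estimator, the
        # idea behind Linux's add_timer_randomness), so regular motion earns 0.
        self.times = (self.times + [t_us])[-4:]
        if len(self.times) < 4:
            return 0                 # warm-up: three differences needed first
        t0, t1, t2, t3 = self.times
        d1, p1, pp1 = t3 - t2, t2 - t1, t1 - t0
        d2, d3 = d1 - p1, (d1 - p1) - (p1 - pp1)
        delta = min(abs(d1), abs(d2), abs(d3))
        return min(delta.bit_length() - 1, MAX_CREDIT) if delta else 0
    def get_key(self):
        if self.credited_bits < KEY_BITS:
            return None              # refuse until 128 bits have been credited
        digest = self.state.digest()
        self.state = hashlib.md5(b"pool|" + digest)    # pool continues, domain-separated
        self.credited_bits = 0
        return hashlib.md5(b"key|" + digest).digest()  # 16 bytes = 128-bit key

def run(events):
    pool = EntropyPool()
    for x, y, t in events:
        pool.add_mouse_event(x, y, t)
    return pool.credited_bits, pool.get_key()   # bits read before get_key() resets them

def regular_swirl(n=200):            # constructed: perfect circle, exactly 1000 us apart
    return [(int(100 * math.cos(i / 10)), int(100 * math.sin(i / 10)), i * 1000) for i in range(n)]

def jittery_motion(n=100, seed=1):   # constructed stand-in for irregular hand motion
    rng, t, out = random.Random(seed), 0, []
    for _ in range(n):
        t += 1000 + rng.randrange(50000)
        out.append((rng.randrange(640), rng.randrange(480), t))
    return out
```

`run(regular_swirl())` yields no key at all, while `run(jittery_motion())` crosses the threshold and returns one; the pool itself is the same in both cases, only the credit differs.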