-----BEGIN PGP SIGNED MESSAGE----- Hello Vincent Cate <vince@offshore.com.ai> and cypherpunks@toad.com and jsw@neon.netscape.com Vincent Cate <vince@offshore.com.ai> wrote: [about getting entropy from mouse]
You must get the random bits from something that nobody else could watch. ... other hand, an attacker would have to have broken the machine to get the mouse info ...
Not really... Have you ever been on an X system with host-based security (as opposed to xauth)? Anyone who has user login rights to the machine you're on (*) can just telnet in and open windows on your screen, blink the leds on your keyboard, install fonts, confine the mouse to a given screen area, etc. I understand that normally they can get a copy of every X event you get (and filter them), but I've never tried... (*) More accurately, any of the machines you can run X programs from. Mouse events might not be as secret as we would like... Jiri - -- If you want an answer, please mail to <jirib@cs.monash.edu.au>. On sweeney, I may delete without reading! PGP 463A14D5 (but it's at home so it'll take a day or two) PGP EF0607F9 (but it's at uni so don't rely on it too much) -----BEGIN PGP SIGNATURE----- Version: 2.6.2i iQCVAwUBMGYpmyxV6mvvBgf5AQFkxwQAif9RTKJRW9IhZxd1zp4kmEdHbf4IkdMX OgEhgeMf6d9+iyTnwZJjR/YvSOsonueKHxR+gmQWotf5r9Y7FmLCFLxw8U0F5AF3 wUjQtqnTlWEU5jt57bn3KZFs5EFqdKKAgj9J7qLlflKd2Bm0mAXK4S8mWIP2U7xu Sl5UbU3KcqE= =zlW+ -----END PGP SIGNATURE-----