At 08:14 PM 9/27/96 +0200, Anonymous wrote:

I just downloaded a copy of the beta version of Datafellows Windows 3.1 SSH and it asked to move the mouse around to generate some randomness. In reading Applied Crypto, it mentioned that there is no such thing as generating randomness from a personal computer unless something like a Geiger counter is used. Is there any way to create a fairly random sample from the mouse? Should one use lots of jerky movements, or take ones time with it?

In this case the entropy is the negative of the logarithm of the probability that you or someone else could exactly duplicate those mouse movements. I would guess that you get at least three bits a second just doodling around, so half a minute of doodles (a pretty long time) should be unbreakable. Some time ago, at a cypherpunks conference, people were making all sorts of ridiculous proposals for being really, really, really, sure that you had real entropy, and a prominent cypherpunk, possibly Tim May, said, "This is ridiculous: Nobody ever broke good crypto through weakness in the source of truly random numbers". Sometime after that Netscape was broken through weakness in the source of truly random numbers. --------------------------------------------------------------------- | We have the right to defend ourselves | http://www.jim.com/jamesd/ and our property, because of the kind | of animals that we are. True law | James A. Donald derives from this right, not from the | arbitrary power of the state. | jamesd@echeque.com