real randomness for netscape - user clicking mouse
Jeff Weinstein <jsw@neon.netscape.com>
If anyone has specific suggestions I would love to hear them so that we can do a better job.
Why not just do something similar to what PGP does? For netscape you could have a user make circling motions with the mouse and click at random times. For each click of the mouse you could get a few bits of randomness from the time, the X position, and the Y position. You could get random bits really fast this way. You only need to do this the first time a user uses encryption, or you might just go ahead and force all users to do this as part of starting up netscape the first time. On subsequent times you use your encryption algorithm to make your next seed. To be safe you could make up two seeds, encrypt each of them to mix them up a bit, and then XOR the results together. A random bit XORed with a non-random bit still produces a random bit. Actually there is probably a better way: just encrypt each input whole (padding to block size) and XOR as you go along - that way you would get whatever randomness was there to be had. Anyway, do something so you have as many or more bits of randomness in your seed as there are bits in your key, or it will still be a weak link in your security chain.

You could even get the randomness during regular mouse use. Unless the first thing a user did was try to use encryption, I am sure you would have enough by the time he did use encryption (keep track). You must get the random bits from something that nobody else could watch. Network packets, process IDs, date, time, etc. are not secure. On the other hand, an attacker would have to have broken the machine to get the mouse info used above, in which case netscape would have no security no matter what.

-- Vince

PS I want a free netscape server site license if you use this idea! :-)
Why not just do something similar to what PGP does?
Yes, why not... (it's been suggested before)
For netscape you could have a user make circling motions with the mouse and clicking at random times. For each click of the mouse you could get a few bits of randomness from the time, the X position, and the Y position. You could get random bits really fast this way.
Careful... the buttons one tends to click on are in the same regions, and the entropy would not be as great as, say, with keyboard timings. I think fast timings between clicks (maybe added or xor'd with low bits from mouse positions?) are a better solution. Though the best way is to experiment... I wrote a DOS ISR to capture timings between clicks ('keyrand?.zip' on some ftp-sites) and experimented with speeding up the system clock (which is normally 18.2 times/sec), but the entropy appeared lower (superficially less random).

-Rob
Hello Vincent Cate <vince@offshore.com.ai> and cypherpunks@toad.com and jsw@neon.netscape.com

Vincent Cate <vince@offshore.com.ai> wrote: [about getting entropy from mouse]
You must get the random bits from something that nobody else could watch. ... other hand, an attacker would have to have broken the machine to get the mouse info ...
Not really... Have you ever been on an X system with host-based security (as opposed to xauth)? Anyone who has user login rights to the machine you're on (*) can just telnet in and open windows on your screen, blink the LEDs on your keyboard, install fonts, confine the mouse to a given screen area, etc. I understand that normally they can get a copy of every X event you get (and filter them), but I've never tried...

(*) More accurately, any of the machines you can run X programs from.

Mouse events might not be as secret as we would like...

Jiri
-- If you want an answer, please mail to <jirib@cs.monash.edu.au>. On sweeney, I may delete without reading! PGP 463A14D5 (but it's at home so it'll take a day or two) PGP EF0607F9 (but it's at uni so don't rely on it too much)
While it is true that on some versions of X you can watch mouse events on other people's computers, it is also true that on some versions you can watch keyboard input. At CMU Bennet Yee wrote a program to get people's passwords as they typed them in using X's poor/non-existent security back then. This was before xauth. I still think that the low bits of the mouse's X and Y positions as the user moves the mouse around the screen are a very good source of random bits for Netscape.

-- Vince
Vincent Cate writes:
While it is true that on some versions of X you can watch mouse events on other people's computers, it is also true that on some versions you can watch keyboard input.
On my secure systems, when a machine running X has to be on an insecure network, I compile the X server so that it physically lacks the ability to speak to the network -- it does all its IPC via unix domain sockets. However, you are correct that most people don't take precautions like I do.
At CMU Bennet Yee wrote a program to get people's passwords as they typed them in using X's poor/non-existent security back then. This was before xauth.
Xauth isn't secure, as folks have shown.
I still think that the low bits of the mouse's X and Y positions as the user moves the mouse around the screen are a very good source of random bits for Netscape.
Agreed. Perry
On Sep 26, 8:05pm, Perry E. Metzger wrote:
I still think that the low bits of the mouse's X and Y positions as the user moves the mouse around the screen are a very good source of random bits for Netscape.
Agreed.
In case it is not clear from our previous postings, our patched version will continually feed position and time of user events through the RNG hash, in addition to any seeding that we do on startup. In the case of X, we use both the X event time from the server, and the current time (based on the highest resolution clock available in the client).

--Jeff

-- 
Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
jsw@netscape.com - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.
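As an added example (not Netscape's patched code and not from any poster in this thread), here is the approach Jeff describes above: every user event's time and position is fed through a hash-based pool rather than used directly as Vince's seed, plus a crude low-bit entropy check that illustrates Rob's caution that clustered button positions carry less entropy than inter-click timings. The pool layout, SHA-256, the record packing and the click samples are all my assumptions, constructed for the demonstration.

```python
import hashlib
import struct
from collections import Counter
from math import log2

class EventPool:
    """Hash-based entropy pool (added example, not Netscape's code):
    state = SHA-256(state || event record); output is derived from state."""
    def __init__(self, seed: bytes = b""):
        self.state = hashlib.sha256(b"pool-init" + seed).digest()
        self.events = 0

    def add_event(self, t_ns: int, x: int, y: int) -> None:
        # Feed the whole record, not just "a few bits": the hash keeps
        # whatever unpredictability is there, even if only low bits vary.
        rec = struct.pack(">QHH", t_ns, x & 0xFFFF, y & 0xFFFF)
        self.state = hashlib.sha256(self.state + rec).digest()
        self.events += 1

    def get_bytes(self, n: int) -> bytes:
        # Expand with a counter, then step the state so a repeated request
        # never returns the same bytes and raw event values never leak.
        out = b"".join(
            hashlib.sha256(self.state + b"out" + struct.pack(">I", i)).digest()
            for i in range((n + 31) // 32))
        self.state = hashlib.sha256(self.state + b"step").digest()
        return out[:n]

def low_bit_entropy(values, bits: int = 3) -> float:
    """Empirical Shannon entropy (bits per sample) of the low `bits` bits
    of a sample; a crude way to compare entropy sources before crediting."""
    counts = Counter(v & ((1 << bits) - 1) for v in values)
    n = len(values)
    return -sum(c / n * log2(c / n) for c in counts.values())

# Constructed sample: eight clicks on one button (positions cluster) and the
# microsecond gaps between them (timing jitter spreads the low bits).
CLICK_X = [412, 412, 413, 412, 411, 412, 412, 413]
CLICK_Y = [300, 301, 300, 300, 299, 300, 301, 300]
CLICK_DT_US = [183427, 251903, 98341, 330176, 147852, 209614, 176433, 288065]

if __name__ == "__main__":
    pool = EventPool(seed=b"constructed-startup-seed")
    t = 0
    for x, y, dt in zip(CLICK_X, CLICK_Y, CLICK_DT_US):
        t += dt * 1000
        pool.add_event(t, x, y)
    print("x-position low-bit entropy:", round(low_bit_entropy(CLICK_X), 2))
    print("timing low-bit entropy:    ", round(low_bit_entropy(CLICK_DT_US), 2))
    print("16 bytes from pool:", pool.get_bytes(16).hex())
```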