real randomness for netscape - user clicking mouse
Jiri Baum
jirib at sweeney.cs.monash.edu.au
Sun Sep 24 21:06:43 PDT 1995
-----BEGIN PGP SIGNED MESSAGE-----
Hello Vincent Cate <vince at offshore.com.ai>
and cypherpunks at toad.com
and jsw at neon.netscape.com
Vincent Cate <vince at offshore.com.ai> wrote:
[about getting entropy from mouse]
> You must get the random bits from something that nobody else could watch.
...
> other hand, an attacker would have to have broken the machine to get the
> mouse info
...
Not really... Have you ever been on an X system with host-based
security (as opposed to xauth)? Anyone who has user login rights
to the machine you're on (*) can just telnet in and open windows
on your screen, blink the leds on your keyboard, install
fonts, confine the mouse to a given screen area, etc.
I understand that normally they can get a copy of every
X event you get (and filter them), but I've never tried...
(*) More accurately, any of the machines you can run X programs from.
Mouse events might not be as secret as we would like...
Jiri
- --
If you want an answer, please mail to <jirib at cs.monash.edu.au>.
On sweeney, I may delete without reading!
PGP 463A14D5 (but it's at home so it'll take a day or two)
PGP EF0607F9 (but it's at uni so don't rely on it too much)
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i
iQCVAwUBMGYpmyxV6mvvBgf5AQFkxwQAif9RTKJRW9IhZxd1zp4kmEdHbf4IkdMX
OgEhgeMf6d9+iyTnwZJjR/YvSOsonueKHxR+gmQWotf5r9Y7FmLCFLxw8U0F5AF3
wUjQtqnTlWEU5jt57bn3KZFs5EFqdKKAgj9J7qLlflKd2Bm0mAXK4S8mWIP2U7xu
Sl5UbU3KcqE=
=zlW+
-----END PGP SIGNATURE-----
More information about the cypherpunks-legacy
mailing list