Hi, I took a look at how entropy is gathered when creating a new key (retroshare-gui/src/gui/GenCertDialog.cpp). As far as I can tell, the mouse position is sampled 2048 times every 20 ms, the coordinates are then transformed and the result is finally mixed into a PNRG managed by OpenSSL. I have a few concerns about this method:
- Are the mouse coordinates really the only source of entropy? Is /dev/random never used? The only place in RS that RsInit::collectEntropy is called is in the callback. - A mathematical transformation will never increase entropy. In fact, it may decrease the amount of entropy. See for instance section 3.1 of Knuth's TAoCP for an amusing anecdote. Is the method you are using based on any solid foundations? Has it been reviewed by a cryptographer? - After transforming the sample, you use RsInit::collectEntropy, which uses RAND_seed(&n,4) to feed 4 bytes of entry to the PNRG. However, the coordinate space is only about 20-bits large (for a 1024x768 monitor, we have log_2(1024 * 768) = 19.6 bit; for FullHD+, log_2(1920 x 1080) = 21.0 bits). Moreover, the samples are not uniformly distributed: the previous sample contains a lot of information about the current sample (in my case, before reading the code, I created an identity and moved the mouse around the screen at an approximately constant speed thus the maximum entropy is actually just a small factor larger than the perimeter of a circle whose radius was my rate (in px/ms) * 20ms). If I were going to use the mouse position to gather entropy, then I would conservatively estimate about 2 bits per sample and I would only use the lower 3 bits of each coordinate (but I'm not a cryptographer). Relatedly: are there are Cryptographer's on the RS development team? Has the RS code base been audited? Thanks! :) Neal ------------------------------------------------------------------------------ Is your legacy SCM system holding you back? Join Perforce May 7 to find out: • 3 signs your SCM is hindering your productivity • Requirements for releasing software faster • Expert tips and advice for migrating your SCM now http://p.sf.net/sfu/perforce _______________________________________________ Retroshare-devel mailing list Retroshare-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/retroshare-devel
