Hi,
I took a look at how entropy is gathered when creating a new key
(retroshare-gui/src/gui/GenCertDialog.cpp). As far as I can tell, the
mouse position is sampled 2048 times every 20 ms, the coordinates are
then transformed and the result is finally mixed into a PNRG managed
by OpenSSL. I have a few concerns about this method:

## Advertising

- Are the mouse coordinates really the only source of entropy? Is
/dev/random never used? The only place in RS that
RsInit::collectEntropy is called is in the callback.
- A mathematical transformation will never increase entropy. In fact,
it may decrease the amount of entropy. See for instance section 3.1
of Knuth's TAoCP for an amusing anecdote. Is the method you are
using based on any solid foundations? Has it been reviewed by a
cryptographer?
- After transforming the sample, you use RsInit::collectEntropy, which
uses RAND_seed(&n,4) to feed 4 bytes of entry to the PNRG. However,
the coordinate space is only about 20-bits large (for a 1024x768
monitor, we have log_2(1024 * 768) = 19.6 bit; for FullHD+,
log_2(1920 x 1080) = 21.0 bits). Moreover, the samples are not
uniformly distributed: the previous sample contains a lot of
information about the current sample (in my case, before reading the
code, I created an identity and moved the mouse around the screen at
an approximately constant speed thus the maximum entropy is actually
just a small factor larger than the perimeter of a circle whose
radius was my rate (in px/ms) * 20ms).
If I were going to use the mouse position to gather entropy, then I
would conservatively estimate about 2 bits per sample and I would
only use the lower 3 bits of each coordinate (but I'm not a
cryptographer).
Relatedly: are there are Cryptographer's on the RS development team?
Has the RS code base been audited?
Thanks!
:) Neal
------------------------------------------------------------------------------
Is your legacy SCM system holding you back? Join Perforce May 7 to find out:
• 3 signs your SCM is hindering your productivity
• Requirements for releasing software faster
• Expert tips and advice for migrating your SCM now
http://p.sf.net/sfu/perforce
_______________________________________________
Retroshare-devel mailing list
Retroshare-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/retroshare-devel