I took a look at how entropy is gathered when creating a new key
(retroshare-gui/src/gui/GenCertDialog.cpp).  As far as I can tell, the
mouse position is sampled 2048 times every 20 ms, the coordinates are
then transformed and the result is finally mixed into a PNRG managed
by OpenSSL.  I have a few concerns about this method:

- Are the mouse coordinates really the only source of entropy?  Is
  /dev/random never used?  The only place in RS that
  RsInit::collectEntropy is called is in the callback.

- A mathematical transformation will never increase entropy.  In fact,
  it may decrease the amount of entropy.  See for instance section 3.1
  of Knuth's TAoCP for an amusing anecdote.  Is the method you are
  using based on any solid foundations?  Has it been reviewed by a

- After transforming the sample, you use RsInit::collectEntropy, which
  uses RAND_seed(&n,4) to feed 4 bytes of entry to the PNRG.  However,
  the coordinate space is only about 20-bits large (for a 1024x768
  monitor, we have log_2(1024 * 768) = 19.6 bit; for FullHD+,
  log_2(1920 x 1080) = 21.0 bits).  Moreover, the samples are not
  uniformly distributed: the previous sample contains a lot of
  information about the current sample (in my case, before reading the
  code, I created an identity and moved the mouse around the screen at
  an approximately constant speed thus the maximum entropy is actually
  just a small factor larger than the perimeter of a circle whose
  radius was my rate (in px/ms) * 20ms).

  If I were going to use the mouse position to gather entropy, then I
  would conservatively estimate about 2 bits per sample and I would
  only use the lower 3 bits of each coordinate (but I'm not a

Relatedly: are there are Cryptographer's on the RS development team?
Has the RS code base been audited?


:) Neal

Is your legacy SCM system holding you back? Join Perforce May 7 to find out:
• 3 signs your SCM is hindering your productivity
• Requirements for releasing software faster
• Expert tips and advice for migrating your SCM now
Retroshare-devel mailing list

Reply via email to