Mouse curiosity
-
I recently got my first BlackBerry (yes, I know they've been around for quite a while, but I never had one before) and had the chance to play with the PC-BlackBerry synch-up mechanism.
Upon launching, the software informed me that the encryption key was out of date, that it would generate a new one, and asked me to 'move the mouse around in order to provide random data for the encryption key'.
Excuse me, but what if I just leave it motionless? Does it always generate the same key, or does it at least use something pseudo-random like milliseconds/ethernet-ip-address?
May or may not be a WTF (depends what they did under the hood in addition to listening for mouse events). There has to be a better way, no?
-
If you just leave it motionless it probably won't be able to collect any entropy so it'll just sit there and wait for you to do something. This is a big problem on Windows - there is no proper entropy generation mechanism for things like this, so most people either use the mouse trick or generate insecure keys.
The better way is to use something other than Windows; almost all other platforms collect entropy automatically, in the background, from many sources (including the keyboard and mouse, but also things like disk timings, and some motherboards have special hardware for the task), and then applications can fetch their entropy from this pool without having to wait for you to do something.
-
Curiosity killed the cat. This had probably something to do with a mouse...
-
@snoofle said:
I recently got my first BlackBerry (yes, I know they've been around for quite a while, but I never had one before) and had the chance to play with the PC-BlackBerry synch-up mechanism.
Upon launching, the software informed me that the encryption key was out of date, that it would generate a new one, and asked me to 'move the mouse around in order to provide random data for the encryption key'.
Excuse me, but what if I just leave it motionless? Does it always generate the same key, or does it at least use something pseudo-random like milliseconds/ethernet-ip-address?
May or may not be a WTF (depends what they did under the hood in addition to listening for mouse events). There has to be a better way, no?
I don't know much about entropy, but that's a weird way to generate random data. Couldn't we just install little transistor radios inside every machine to collect static, or provide microphones so that rather than moving the mouse you could hum a bit of your favorite song/tv jingle? If adding new hardware is a problem, why not just have the user bang on the keyboard?
"Whatcha up to, Sam?"
"Hey<bang>, Morty. Oh, just <bang> making entropy <bang> <bang>. Hey, could you be a pal and hum the <bang> Meow Mix song into the mic over there?"
-
On a windows box, that's really the best the industry has to offer. FSecure SSH for windows did this a decade ago, and was widely considered the best windows SSH client, hands down.
-
Windows has CAPICOM for crypto-secure numbers (and it has a .NET wrapper in the crypto API). No need to resort to making the user create entropy.
-
@Rotary Jihad said:
What tricks are used on other OSs?
I understand the need and some natural sources of random numbers, but never got into the specifics of implementing them in a useful manner.
If you're interested in the subject, the book "Silence on the Wire" by Michal Zalewski covers the basics of true random number generation, as well as ways to attack it.
-
That's so stupid. The preferred method is to bang on the keyboard like a monkey.
-
@Carnildo said:
@Rotary Jihad said:
@alias said:
Except that the code to do this is sitting inside the OS kernel. It's already got access to the information it needs, so why not pool it up to generate random numbers on demand? And if you're so paranoid about keyloggers that you're worried that one's been hidden in the OS, you probably shouldn't be using a computer in the first place.
In Linux you can read from the /dev/random stream - it's a device that spits out randomly generated numbers whose seed is based upon mouse movement/click and keyboard activity.
So it does exactly what most Windows users do except it does it constantly instead of when needed. Not meant to OS bash, just taking note. Seems like a slight waste of resources and a good place to hide a keylogger.
We can speculate that the process behind /random looks like this:
while(1){bangOnKeyboardLikeAMonkey();yield();}
Let the record show that my earlier post appeared before today's article
-
@Oscar L said:
@Carnildo said:
@Rotary Jihad said:
@alias said:
Except that the code to do this is sitting inside the OS kernel. It's already got access to the information it needs, so why not pool it up to generate random numbers on demand? And if you're so paranoid about keyloggers that you're worried that one's been hidden in the OS, you probably shouldn't be using a computer in the first place.
In Linux you can read from the /dev/random stream - it's a device that spits out randomly generated numbers whose seed is based upon mouse movement/click and keyboard activity.
So it does exactly what most Windows users do except it does it constantly instead of when needed. Not meant to OS bash, just taking note. Seems like a slight waste of resources and a good place to hide a keylogger.
We can speculate that the process behind /random looks like this:
while(1){bangOnKeyboardLikeAMonkey();yield();}
Let the record show that my earlier post appeared before today's article
Interesting factoid: at least on my Linux system, if I cat /dev/random, then it blocks until I wiggle the mouse or bang on the keyboard like a monkey.
-
@Rotary Jihad said:
So it does exactly what most windows users do except it does it constantly instead of when needed.
No, that's just one of the things it does. Basically, it's a generic framework for things to shove entropy into a pool, along with some cryptographically-secure algorithms to make sure it's safe. Then individual device drivers can elect to consider certain events as being 'sufficiently random' to be used as input.
Two such device drivers are the keyboard and mouse - it's presumed that the low-order bits of timing for this are pretty random (like, look at the times when you hit a key, but only consider the microseconds component of the clock).
Other drivers can do it too - some disk and network devices are suitable for the purpose, and many modern Via processors and Intel motherboards also have devices that are designed to generate lots of random noise (usually picking up static in the environment). You can also buy PCI cards and serial port devices designed specifically for this purpose, and there are drivers specifically for those, although most people don't need them.
All of this stuff is collected while the system is running, stirred together, and can be read from /dev/random (or whatever it's called on your platform) on demand. The beauty of this setup is that it works for any old hardware configuration - if you've just got a keyboard and mouse, that works fine. But if you're accessing a server over VNC or something, being told to move the mouse around isn't too helpful - the box might not even have one. So it'll have to get it someplace else, you just have to make sure that you've got suitable hardware (those serial widgets come in handy here). This sort of stuff becomes important when you're running nontrivial webcommerce servers, because https needs plenty of entropy on the server to work.
So, that's how you do it, and why it's important to do it this way (instead of just asking the user to wiggle the mouse in each application).
-
@Oscar L said:
I don't know much about entropy, but that's a weird way to generate random data. Couldn't we just install little transistor radios inside every machine to collect static, or provide microphones so that rather than moving the mouse you could hum a bit of your favorite song/tv jingle?
They're mostly free-running oscillators rather than radios, but collecting static is almost exactly what the Via C3 systems do. It's simple and very effective. We don't have them in every machine due to lack of market demand; there's no other reason for it.
-
I suggest computers be supplied with several of Autechre's newest tracks built-in, and generating noise by playing them.
-
Interesting factoid: at least on my Linux system, if I cat /dev/random, then it blocks until I wiggle the mouse or bang on the keyboard like a monkey.
Yes, some do. On my systems (FreeBSD), there was a /dev/random that gave out what entropy it had, and blocked until it had some more, and /dev/urandom, that provided endless pseudorandom data based on the entropy pool.
Some time ago (I think it was a year or two) they decided that the urandom was now good enough, so made /dev/random a link to /dev/urandom.
-
@robbak said:
Yes, some do. On my systems (FreeBSD), there was a /dev/random that gave out what entropy it had, and blocked until it had some more, and /dev/urandom, that provided endless pseudorandom data based on the entropy pool.
Some time ago (I think it was a year or two) they decided that the urandom was now good enough, so made /dev/random a link to /dev/urandom.
I had a problem with /dev/random blocking a few years ago (coming on for 6 years), when I was using a Java PGP library to encrypt order details from an ecommerce site for mailing off to the client's fulfillment centre.
To cut a long story short, it cost me a night's sleep as I eventually had to rewrite the module to invoke the command-line PGP binary via System.exec() instead. It was only later that we discovered what the problem had been; the symptom was that the call to the PGP library simply hung. It turned out that the machine had run out of entropy (being a server, it had no keyboard or mouse attached) and the read from /dev/random was blocking.
That was (so far) my one and only 24 hour coding stint, not an experience I'd like to repeat. (I'd also prefer not to repeat having to rewrite a core module on the day of go-live)
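As an added illustration of the pool-and-credit model Carnildo describes above, and of the blocking /dev/random versus non-blocking /dev/urandom behaviour that robbak and the poster above ran into, here is a toy entropy pool in Python. It is constructed for this thread and is not the Linux, FreeBSD or BlackBerry code; the keystroke timestamps, the two-bit credit per event, and the SHA-256 stirring are assumptions chosen to keep the model small.

```python
import hashlib
from typing import Iterable, List, Optional, Tuple

POOL_BITS = 256  # the pool is a SHA-256 state, so it can hold at most 256 bits


class EntropyPool:
    """Toy model of an OS entropy pool (constructed for this thread, not the
    real Linux or FreeBSD code). Drivers stir events in with add_event();
    consumers pull bytes out with read() in blocking (/dev/random-style) or
    non-blocking (/dev/urandom-style) mode."""

    def __init__(self) -> None:
        self.state = hashlib.sha256(b"constructed initial pool state").digest()
        self.entropy_bits = 0     # conservative estimate of unpredictable bits held
        self.extract_counter = 0  # keeps successive output blocks distinct

    def add_event(self, source: str, timestamp_us: int, credit_bits: int = 2) -> None:
        """Stir one device event into the pool. The whole timestamp is mixed in,
        but only the low-order microseconds are assumed unpredictable, so the
        pool is credited with just credit_bits bits per event (an assumption)."""
        record = source.encode() + timestamp_us.to_bytes(8, "big")
        self.state = hashlib.sha256(b"mix" + self.state + record).digest()
        self.entropy_bits = min(POOL_BITS, self.entropy_bits + credit_bits)

    def read(self, n: int, blocking: bool) -> Optional[bytes]:
        """Return n output bytes. In blocking mode, refuse (return None, where a
        real device would suspend the caller) until n*8 bits have been credited.
        In non-blocking mode, always expand whatever state the pool has."""
        if blocking and self.entropy_bits < n * 8:
            return None
        out = b""
        ctr = b""
        while len(out) < n:
            self.extract_counter += 1
            ctr = self.extract_counter.to_bytes(8, "big")
            out += hashlib.sha256(b"out" + self.state + ctr).digest()
        # Re-key after extraction so disclosed output does not expose the pool.
        self.state = hashlib.sha256(b"rekey" + self.state + ctr).digest()
        self.entropy_bits = max(0, self.entropy_bits - n * 8)
        return out[:n]


def feed_events(pool: EntropyPool, events: Iterable[Tuple[str, int]]) -> None:
    """Replay a stream of (source, timestamp_us) events into the pool."""
    for source, ts in events:
        pool.add_event(source, ts)


# Constructed keystroke timestamps (microseconds); the arithmetic only gives
# them irregular low-order digits so they look like human typing.
KEYBOARD_EVENTS: List[Tuple[str, int]] = [
    ("kbd", 1_700_000_000_000_000 + i * 137_913 + (i * i * 7919) % 1013)
    for i in range(80)
]


def headless_server_scenario(n: int = 16) -> Tuple[Optional[bytes], Optional[bytes]]:
    """A server with no keyboard or mouse attached: nothing feeds the pool, so
    the blocking read 'hangs' (None) while the urandom-style read still returns."""
    pool = EntropyPool()
    return pool.read(n, blocking=True), pool.read(n, blocking=False)


def workstation_scenario(n: int = 16) -> Tuple[Optional[bytes], int]:
    """A desktop whose keyboard driver has credited 80 events: the blocking read
    succeeds and the pool's credit drops by the bits handed out."""
    pool = EntropyPool()
    feed_events(pool, KEYBOARD_EVENTS)
    key = pool.read(n, blocking=True)
    return key, pool.entropy_bits


def same_events_same_output(events: Iterable[Tuple[str, int]], n: int = 16) -> bool:
    """Two pools fed an identical event stream produce identical output: without
    a genuinely unpredictable source the 'key' is a fixed function of the inputs."""
    events = list(events)
    a, b = EntropyPool(), EntropyPool()
    feed_events(a, events)
    feed_events(b, events)
    return a.read(n, blocking=False) == b.read(n, blocking=False)


if __name__ == "__main__":
    blocked, urandom = headless_server_scenario()
    print("headless blocking read:", blocked)
    print("headless urandom read :", urandom.hex())
    key, left = workstation_scenario()
    print("workstation key       :", key.hex(), "bits left:", left)
    print("same events -> same output:", same_events_same_output(KEYBOARD_EVENTS))
```

The headless scenario is the PGP-library hang from the post above in miniature: the blocking read returns None where a real device would simply never return, while the urandom-style read is served from the same pool. The same_events_same_output check is the answer to snoofle's original question: if the mouse is the only thing feeding the pool and it never moves, the output is a fixed function of whatever the pool started with, which is exactly why an OS-level pool with several independent sources is preferable to asking each application to collect its own.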
-
Not enough randomness? Here, have some of mine...
0000000 7a20 b18f e38f 2823 18e1 7052 70cd 3300
0000010 15c1 f200 7d4c 04d9 cb3e 729d 0797 0658
0000020 f000 a78d f1a6 6fa9 dc82 e60a 4006 728c
0000030 9079 5e9c 95da 841b bfea a1b0 9128 29c3
0000040 bc98 1b6c 342a c7f9 1cbd c457 4795 d0f5
0000050 faf1 6459 c10d 06b3 ad07 9487 1c3d 227c
0000060 64d9 32f6 0bb1 03df d6df af61 838b 01d4
0000070 27a9 765e 63bc a052 4fef b9b2 2d08 8248
0000080 600d 79e7 efcd beed 6ddb 2264 a82e 2918
0000090 ee83 e018 1e35 6116 4206 0e2c 9715 1c99
00000a0 c053 c228 b9d1 cdcc 6a06 b8e1 ccaf 3ffb
00000b0 9760 c0fe d599 99ee 373b dfee e444 8ee7
00000c0 c863 2dd8 06e1 c067 7b83 3148 91c7 761f
00000d0 8d44 e468 80e8 332d 0b02 40b9 2e21 7fe1
00000e0 c4d1 7a42 3897 8cf7 3a72 3888 ccd8 c78a
-
@chaosite said:
Not enough randomness? Here, have some of mine...
0000000 7a20 b18f e38f 2823 18e1 7052 70cd 3300
0000010 15c1 f200 7d4c 04d9 cb3e 729d 0797 0658
0000020 f000 a78d f1a6 6fa9 dc82 e60a 4006 728c
0000030 9079 5e9c 95da 841b bfea a1b0 9128 29c3
0000040 bc98 1b6c 342a c7f9 1cbd c457 4795 d0f5
0000050 faf1 6459 c10d 06b3 ad07 9487 1c3d 227c
0000060 64d9 32f6 0bb1 03df d6df af61 838b 01d4
0000070 27a9 765e 63bc a052 4fef b9b2 2d08 8248
0000080 600d 79e7 efcd beed 6ddb 2264 a82e 2918
0000090 ee83 e018 1e35 6116 4206 0e2c 9715 1c99
00000a0 c053 c228 b9d1 cdcc 6a06 b8e1 ccaf 3ffb
00000b0 9760 c0fe d599 99ee 373b dfee e444 8ee7
00000c0 c863 2dd8 06e1 c067 7b83 3148 91c7 761f
00000d0 8d44 e468 80e8 332d 0b02 40b9 2e21 7fe1
00000e0 c4d1 7a42 3897 8cf7 3a72 3888 ccd8 c78a
Worthless!
Look, it already repeated itself!