[147954] in cryptography@c2.net mail archive
Re: [Cryptography] What's a Plausible Attack On Random Number
daemon@ATHENA.MIT.EDU (Bill Frantz)
Sat Nov 2 12:18:03 2013
Date: Fri, 1 Nov 2013 21:16:23 -0700
From: Bill Frantz <frantz@pwpconsult.com>
To: cryptography@metzdowd.com
In-Reply-To: <5273ABE5.6000106@av8n.com>

On 11/1/13 at 6:25 AM, jsd@av8n.com (John Denker) wrote:

>-- Even if it works in a datacenter, network timing doesn't
>work for a handheld device that powers up with no network
>connectivity at all.

The finger swipe used to wake up an iPhone provides a bunch of entropy.

If we assume that the swipe takes 250 milliseconds and we sample
the finger x,y position every 100 microseconds then we get 2500
samples. The screen resolution is 960x640. The finger will
travel at least 500 pixels horizontally with a vertical
uncertainty of at least 800 pixels. (Yes, I tried it. The swipe
works over almost the whole vertical extent of the screen.)

We will see 1 pixel of horizontal motion approximately once
every 5 samples. The exact sample pair where we see it provides
the horizontal entropy, or 500 bits for the swipe. The vertical
motion will provide a few more bits of entropy -- say about 200
for starting position and another 50 for up/down motion.

It shouldn't be hard to seed a random number generator from just
the wakeup swipe.

[I'm all in favor of seed pools, etc. etc. etc. The more sources
the better. But high precision UI event timings are really hard
to guess, even with a camera watching the interaction.]

Cheers - Bill

-------------------------------------------------------------------------
Bill Frantz        | Airline peanut bag: "Produced  | Periwinkle
(408)356-8506      | in a facility that processes   | 16345 Englewood Ave
www.pwpconsult.com | peanuts and other nuts." - Duh | Los Gatos, CA 95032
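
Added example (not from the original message or its author): Python code that takes per-sample (x, y) positions as the post describes them, measures the gaps between one-pixel horizontal moves, and conditions the samples into a seed with SHA-256. The swipe simulator, its 3 to 7 sample jitter model, the function names, and the one-bit-per-transition credit are assumptions made for the illustration.

```python
import hashlib
import math
import random
from collections import Counter

PIXELS_X = 500   # horizontal travel in pixels (figure from the post)
MEAN_GAP = 5     # about 1 pixel of motion every 5 samples (figure from the post)

def simulate_swipe(rng):
    """Constructed stand-in for touch hardware: one (x, y) per 100 us sample.
    Assumption: each pixel step takes 3..7 samples; y does a small random walk."""
    x, y, samples = 0, rng.randrange(800), []
    for _ in range(PIXELS_X):
        for _ in range(rng.randint(MEAN_GAP - 2, MEAN_GAP + 2)):
            y = min(799, max(0, y + rng.choice((-1, 0, 0, 1))))
            samples.append((x, y))
        x += 1
    samples.append((x, y))
    return samples

def transition_gaps(samples):
    """Number of samples between successive 1-pixel horizontal moves."""
    gaps, last = [], 0
    for i in range(1, len(samples)):
        if samples[i][0] != samples[i - 1][0]:
            gaps.append(i - last)
            last = i
    return gaps

def min_entropy_bits(gaps):
    """Most-common-value min-entropy estimate per gap, in bits. Treats gaps as
    independent; real finger motion is correlated, so read it as optimistic."""
    most_common = Counter(gaps).most_common(1)[0][1]
    return -math.log2(most_common / len(gaps))

def seed_from_swipe(samples, credit_per_gap=1.0):
    """Condition the raw samples with SHA-256; credit at most 256 bits."""
    h = hashlib.sha256()
    for x, y in samples:
        h.update(x.to_bytes(2, "big") + y.to_bytes(2, "big"))
    credited = min(256, int(credit_per_gap * len(transition_gaps(samples))))
    return h.digest(), credited

if __name__ == "__main__":
    swipe = simulate_swipe(random.Random(1))  # fixed seed: demo input, not entropy
    gaps = transition_gaps(swipe)
    seed, credited = seed_from_swipe(swipe)
    print(len(swipe), "samples,", len(gaps), "transitions,",
          "%.2f bits/gap estimated" % min_entropy_bits(gaps))
    print("seed", seed.hex(), "credited", credited, "bits")
```

On a real device, captured touch samples take the place of simulate_swipe; the gap measurement and the conditioning step stay the same.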