Mouse curiosity



  • I recently got my first BlackBerry (yes, I know they've been around for quite a while, but I never had one before) and had the chance to play with the PC-BlackBerry synch-up mechanism.

    Upon launching, the software informed me that the encryption key was out of date, that it would generate a new one, and asked me to 'move the mouse around in order to provide random data for the encryption key'.

    Excuse me, but what if I just leave it motionless? Does it always generate the same key, or does it at least use something pseudo-random like milliseconds/ethernet-ip-address.

    May or may not be a WTF (depends what they did under the hood in addition to listening for mouse events). There has to be a better way, no?



  • If you just leave it motionless it probably won't be able to collect any entropy so it'll just sit there and wait for you to do something. This is a big problem on Windows - there is no proper entropy generation mechanism for things like this, so most people either use the mouse trick or generate insecure keys.

    The better way is to use something other than Windows; almost all other platforms collect entropy automatically, in the background, from many sources (including the keyboard and mouse, but also things like disk timings, and some motherboards have special hardware for the task), and then applications can fetch their entropy from this pool without having to wait for you to do something.



  • Curiosity killed the cat.  This had probably something to do with a mouse...



  • @snoofle said:

    I recently got my first BlackBerry (yes, I know they've been around for quite a while, but I never had one before) and had the chance to play with the PC-BlackBerry synch-up mechanism.

    Upon launching, the software informed me that the encryption key was out of date, that it would generate a new one, and asked me to 'move the mouse around in order to provide random data for the encryption key'.

    Excuse me, but what if I just leave it motionless? Does it always generate the same key, or does it at least use something pseudo-random like milliseconds/ethernet-ip-address.

    May or may not be a WTF (depends what they did under the hood in addition to listening for mouse events). There has to be a better way, no?

    I don't know much about entropy, but that's a weird way to generate random data.  Couldn't we just install little transistor radios inside every machine to collect static, or provide microphones so that rather than moving the mouse you could hum a bit of your favorite song/tv jingle?  If adding new hardware is a problem, why not just have the user bang on the keyboard?

    "Whatcha up to, Sam?"

    "Hey<bang>, Morty.  Oh, just <bang> making entropy <bang> <bang>.  Hey, could you be a pal and hum the <bang> Meow Mix song into the mic over there?"



  • On a windows box, that's really the best the industry has to offer.   FSecure SSH for windows did this a decade ago, and was widely considered the best windows SSH client, hands down.



  • <FONT face=Arial>Windows has CAPICOM for crypto-secure numbers (and it has a .NET wrapper in the crypto API).  No need to resort to making the user create entropy.</FONT>

    <FONT face=Arial>http://msdn.microsoft.com/library/default.asp?url=/library/en-us/seccrypto/security/capicom_reference.asp</FONT>



  • @Rotary Jihad said:

    What tricks are used on other OSs?

    I understand the need and some natural sources of random numbers, but never got into the specifics of implementing them in a useful manner.



    If you're interested in the subject, the book "Silence on the Wire" by Michel Zalewski covers the basics of true random number generation, as well as ways to attack it.



  • That's so stupid. The preferred method is to bang on the keyboard like a monkey.



  • @Carnildo said:

    @Rotary Jihad said:
    @alias said:
    In linux you can read from the /dev/random stream - it's a device that spits out randomly generated numbers which seed is based upon mouse movement / click and keyboard activity.
    So it does exactly what most windows users do except it does it constantly instead of when needed. Not meant to OS bash, just taking note. Seems like a slight waste of resources and a good place to hide a keylogger.
    Except that the code to do this is sitting inside the OS kernel. It's already got access to the information it needs, so why not pool it up to generate random numbers on demand? And if you're so paranoid about keyloggers that you're worried that one's been hidden in the OS, you probably shouldn't be using a computer in the first place.

    We can speculate that the process behind /random looks like this:

    while(1){bangOnKeyboardLikeAMonkey();yield();}

    Let the record show that my earlier post appeared before today's article



  • @Oscar L said:

    @Carnildo said:

    @Rotary Jihad said:
    @alias said:
    In linux you can read from the /dev/random stream - it's a device that spits out randomly generated numbers which seed is based upon mouse movement / click and keyboard activity.
    So it does exactly what most windows users do except it does it constantly instead of when needed. Not meant to OS bash, just taking note. Seems like a slight waste of resources and a good place to hide a keylogger.
    Except that the code to do this is sitting inside the OS kernel. It's already got access to the information it needs, so why not pool it up to generate random numbers on demand? And if you're so paranoid about keyloggers that you're worried that one's been hidden in the OS, you probably shouldn't be using a computer in the first place.

    We can speculate that the process behind /random looks like this:

    while(1){bangOnKeyboardLikeAMonkey();yield();}

    Let the record show that my earlier post appeared before today's article



    Interesting factoid: at least on my Linux system, if I cat /dev/random, then it blocks until I wiggle the mouse or bang on the keyboard like a monkey.


  • @Rotary Jihad said:

    So it does exactly what most windows users do except it does it constantly instead of when needed.


    No, that's just one of the things it does. Basically, it's a generic framework for things to shove entropy into a pool, along with some cryptographically-secure algorithms to make sure it's safe. Then individual device drivers can elect to consider certain events as being 'sufficiently random' to be used as input.

    Two such device drivers are the keyboard and mouse - it's presumed that the low-order bits of timing for this are pretty random (like, look at the times when you hit a key, but only consider the microseconds component of the clock).

    Other drivers can do it too - some disk and network devices are suitable for the purpose, and many modern Via processors and Intel motherboards also have devices that are designed to generate lots of random noise (usually picking up static in the environment). You can also buy PCI cards and serial port devices designed specifically for this purpose, and there are drivers specifically for those, although most people don't need them.

    All of this stuff is collected while the system is running, stirred together, and can be read from /dev/random (or whatever it's called on your platform) on demand. The beauty of this setup is that it works for any old hardware configuration - if you've just got a keyboard and mouse, that works fine. But if you're accessing a server over VNC or something, being told to move the mouse around isn't too helpful - the box might not even have one. So it'll have to get it someplace else, you just have to make sure that you've got suitable hardware (those serial widgets come in handy here). This sort of stuff becomes important when you're running nontrivial webcommerce servers, because https needs plenty of entropy on the server to work.

    So, that's how you do it, and why it's important to do it this way (instead of just asking the user to wiggle the mouse in each application).



  • @Oscar L said:

    I don't know much about entropy, but that's a weird way to generate random data.  Couldn't we just install little transistor radios inside every machine to collect static, or provide microphones so that rather than moving the mouse you could hum a bit of your favorite song/tv jingle?


    They're mostly free-running oscillators rather than radios, but collecting static is almost exactly what the Via C3 systems do. It's simple and very effective. We don't have them in every machine due to lack of market demand, there's no other reason for it.



  • I suggest computers be supplied with several of Autechre's newest tracks built-in, and generating noise by playing them.



  • Interesting factoid: at least on my Linux system, if I cat /dev/random,
    then it blocks until I wiggle the mouse or bang on the keyboard like a
    monkey.


    Yes, some do. On my systems (FreeBSD), there was a /dev/random that gave out what entropy it had, and blocked until it had some more, and /dev/urandom, that provided endless pseudorandom based on the entropy pool.

    Some time ago (I think it was a year or two) they decided that the urandom was now good enough, so made /dev/random a link to /dev/urandom.



  • @robbak said:


    Yes, some do. On my systems (FreeBSD), there was a /dev/random that gave out what entropy it had, and blocked until it had some more, and /dev/urandom, that provided endless pseudorandom based on the entropy pool.

    Some time ago (I think it was a year or two) they decided that the urandom was now good enough, so made /dev/random a link to /dev/urandom.


    I had a problem with /dev/random blocking a few years ago (coming on for 6 years), when I was using a Java PGP library to encrypt order details from an ecommerce site for mailing off to the client's fulfillment centre.

    To cut a long story short, it cost me a night's sleep as I eventually had to rewrite the module to invoke the command-line PGP binary via System.exec() instead. It was only later that we discovered what the problem had been; the symptom was that the call to the PGP library simply hung. It turned out that the machine had run out of entropy (being a server, it had no keyboard or mouse attached) and the read from /dev/random was blocking.

    That was (so far) my one and only 24 hour coding stint, not an experience I'd like to repeat. (I'd also prefer not to repeat having to rewrite a core module on the day of go-live)



  • Not enough randomness? Here, have some of mine...

    <font face="Lucida Console" size="2">0000000    7a20    b18f    e38f    2823    18e1    7052    70cd    3300
    0000010    15c1    f200    7d4c    04d9    cb3e    729d    0797    0658
    0000020    f000    a78d    f1a6    6fa9    dc82    e60a    4006    728c
    0000030    9079    5e9c    95da    841b    bfea    a1b0    9128    29c3
    0000040    bc98    1b6c    342a    c7f9    1cbd    c457    4795    d0f5
    0000050    faf1    6459    c10d    06b3    ad07    9487    1c3d    227c
    0000060    64d9    32f6    0bb1    03df    d6df    af61    838b    01d4
    0000070    27a9    765e    63bc    a052    4fef    b9b2    2d08    8248
    0000080    600d    79e7    efcd    beed    6ddb    2264    a82e    2918
    0000090    ee83    e018    1e35    6116    4206    0e2c    9715    1c99
    00000a0    c053    c228    b9d1    cdcc    6a06    b8e1    ccaf    3ffb
    00000b0    9760    c0fe    d599    99ee    373b    dfee    e444    8ee7
    00000c0    c863    2dd8    06e1    c067    7b83    3148    91c7    761f
    00000d0    8d44    e468    80e8    332d    0b02    40b9    2e21    7fe1
    00000e0    c4d1    7a42    3897    8cf7    3a72    3888    ccd8    c78a</font>



  • @chaosite said:

    Not enough randomness? Here, have some of mine...

    <font face="Lucida Console" size="2">0000000    7a20    b18f    e38f    2823    18e1    7052    70cd    3300
    0000010    15c1    f200    7d4c    04d9    cb3e    729d    0797    0658
    0000020    f000    a78d    f1a6    6fa9    dc82    e60a    4006    728c
    0000030    9079    5e9c    95da    841b    bfea    a1b0    9128    29c3
    0000040    bc98    1b6c    342a    c7f9    1cbd    c457    4795    d0f5
    0000050    faf1    6459    c10d    06b3    ad07    9487    1c3d    227c
    0000060    64d9    32f6    0bb1    03df    d6df    af61    838b    01d4
    0000070    27a9    765e    63bc    a052    4fef    b9b2    2d08    8248
    0000080    600d    79e7    efcd    beed    6ddb    2264    a82e    2918
    0000090    ee83    e018    1e35    6116    4206    0e2c    9715    1c99
    00000a0    c053    c228    b9d1    cdcc    6a06    b8e1    ccaf    3ffb
    00000b0    9760    c0fe    d599    99ee    373b    dfee    e444    8ee7
    00000c0    c863    2dd8    06e1    c067    7b83    3148    91c7    761f
    00000d0    8d44    e468    80e8    332d    0b02    40b9    2e21    7fe1
    00000e0    c4d1    7a42    3897    8cf7    3a72    3888    ccd8    c78a</font>



    Worthless!

    Look, it already repeated itself!


Log in to reply
 

Looks like your connection to What the Daily WTF? was lost, please wait while we try to reconnect.