1995-09-25 - Re: real randomness for netscape - user clicking mouse

Header Data

From: Jiri Baum <jirib@sweeney.cs.monash.edu.au>
To: vince@offshore.com.ai (Vincent Cate)
Message Hash: 35fd97b29b74f241481153174f9f48aa2fa04ea7bcc1b8a6cd3bceb409e023d8
Message ID: <199509250402.OAA17312@sweeney.cs.monash.edu.au>
Reply To: <Pine.3.89.9509211743.A459-0100000@offshore.com.ai>
UTC Datetime: 1995-09-25 04:06:43 UTC
Raw Date: Sun, 24 Sep 95 21:06:43 PDT

Raw message

From: Jiri Baum <jirib@sweeney.cs.monash.edu.au>
Date: Sun, 24 Sep 95 21:06:43 PDT
To: vince@offshore.com.ai (Vincent Cate)
Subject: Re: real randomness for netscape - user clicking mouse
In-Reply-To: <Pine.3.89.9509211743.A459-0100000@offshore.com.ai>
Message-ID: <199509250402.OAA17312@sweeney.cs.monash.edu.au>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Hello Vincent Cate <vince@offshore.com.ai>
  and cypherpunks@toad.com
  and jsw@neon.netscape.com
 
Vincent Cate <vince@offshore.com.ai> wrote:
[about getting entropy from mouse]
> You must get the random bits from something that nobody else could watch. 
...
> other hand, an attacker would have to have broken the machine to get the
> mouse info
...

Not really... Have you ever been on an X system with host-based
security (as opposed to xauth)? Anyone who has user login rights
to the machine you're on (*) can just telnet in and open windows
on your screen, blink the leds on your keyboard, install
fonts, confine the mouse to a given screen area, etc.

I understand that normally they can get a copy of every
X event you get (and filter them), but I've never tried...

(*) More accurately, any of the machines you can run X programs from.

Mouse events might not be as secret as we would like...

Jiri
- --
If you want an answer, please mail to <jirib@cs.monash.edu.au>.
On sweeney, I may delete without reading!
PGP 463A14D5 (but it's at home so it'll take a day or two)
PGP EF0607F9 (but it's at uni so don't rely on it too much)

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i

iQCVAwUBMGYpmyxV6mvvBgf5AQFkxwQAif9RTKJRW9IhZxd1zp4kmEdHbf4IkdMX
OgEhgeMf6d9+iyTnwZJjR/YvSOsonueKHxR+gmQWotf5r9Y7FmLCFLxw8U0F5AF3
wUjQtqnTlWEU5jt57bn3KZFs5EFqdKKAgj9J7qLlflKd2Bm0mAXK4S8mWIP2U7xu
Sl5UbU3KcqE=
=zlW+
-----END PGP SIGNATURE-----




Thread