From: Deranged Mutant <rrothenb@ic.sunysb.edu>
Date: Thu, 21 Sep 95 19:15:29 PDT
To: vince@offshore.com.ai (Vincent Cate)
Subject: Re: real randomness for netscape - user clicking mouse
In-Reply-To: <Pine.3.89.9509211743.A459-0100000@offshore.com.ai>
Message-ID: <199509220214.WAA16926@libws4.ic.sunysb.edu>
MIME-Version: 1.0
Content-Type: text/plain



> Why not just do something similar to what PGP does?  

Yes, why not... (it's been suggested before)

> For netscape you could have a user make circling motions with the mouse
> and clicking at random times.  For each click of the mouse you could get a
> few bits of randomness from the time, the X position, and the Y position. 
> You could get random bits really fast this way. 

Careful... the buttons one tends to click on are in the same regions,
and the entropy would not be as great as say, with keyboard timings.
I think fast timings between clicks (maybe added or xor'd with low bits
from mouse positions?) is a better solution.

Though the best way is to experiment... I wrote a DOS ISR to capture
timings between clicks ('keyrand?.zip' on some ftp-sites) and experimented
with speeding up the system clock (which is normally 18.2 times/sec), but
the entropy appeared lower (superficially less random).

-Rob