[cryptography] Mobile Devices and Location Information as Entropy?

Tom Ritter tom at ritter.vg
Sat Apr 2 10:22:40 EDT 2011


> At most, I would think you'd only be able to collect a few bits.

Agreed, I think using anything but the lowest bits would be dangerous.
But most smartphones (especially ones with GPS sensors) have other
sensors that would be better contributors of entropy, and aren't
monitorable by any remote adversary: Acceleration, Orientation,
Microphone, Camera, probably some others.  You may also be able to get
some bits from the Antenna and Wifi Signal Strengths as well.

But, most phone APIs already provide a random number generator they
say is cryptographically sound.  Java's SecureRandom on Android,
SecRandomCopyBytes on iOS, net.rim.device.api.crypto.RandomSource on
Blackberry, System.Security.Cryptography.RNGCryptoServiceProvider on
Windows, and CreateRandomL on Symbian.  Is there a particular reason
you distrust or can't use one of those?

-tom
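
An added example, not part of the original message: a Python sketch of the two points above, keeping only the lowest bits of sensor readings and treating them as a supplement to the platform generator rather than a replacement. The sample readings, the function names and the choice of SHA-256 as the mixing function are assumptions made for illustration.

```python
import hashlib
import math
import os
from collections import Counter

# Constructed sample: 16 raw accelerometer counts from a phone lying still.
SAMPLES = [16390, 16393, 16388, 16395, 16391, 16389, 16394, 16392,
           16393, 16390, 16395, 16388, 16392, 16391, 16389, 16394]


def low_bits(samples, k=2):
    """Keep only the k least-significant bits of each raw reading."""
    mask = (1 << k) - 1
    return [s & mask for s in samples]


def min_entropy_per_symbol(symbols):
    """Most-common-value estimate, log2(1/p_max), in bits per symbol.

    Optimistic: it ignores correlation between consecutive readings, so
    credit far less than this when accounting for collected entropy.
    """
    p_max = Counter(symbols).most_common(1)[0][1] / len(symbols)
    return math.log2(1 / p_max)


def seed_material(samples, k=2, nbytes=32):
    """Hash the platform CSPRNG output together with the sensor low bits.

    The OS generator stays the primary source; the sensor bits are only a
    supplement, so the result is no easier to predict than os.urandom alone
    (assuming SHA-256 behaves as a good mixing function).
    """
    h = hashlib.sha256()
    h.update(os.urandom(nbytes))
    h.update(bytes(low_bits(samples, k)))
    return h.digest()


if __name__ == "__main__":
    high = [s >> 4 for s in SAMPLES]  # everything above the noise floor
    print("low 2 bits:", min_entropy_per_symbol(low_bits(SAMPLES)), "bits/sample")
    print("high bits :", min_entropy_per_symbol(high), "bits/sample")
    print("seed      :", seed_material(SAMPLES).hex())
```

On the constructed readings the low two bits estimate at 2 bits per sample while the bits above the noise floor are constant and contribute nothing.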
