[cryptography] Mobile Devices and Location Information as Entropy?
noloader at gmail.com
Sat Apr 2 18:46:24 EDT 2011
On Sat, Apr 2, 2011 at 4:15 AM, Kevin W. Wall <kevin.w.wall at gmail.com> wrote:
> On 04/02/2011 04:10 AM, Jeffrey Walton wrote:
>> Hi Guys,
>> Given a mobile device with GPS location data available, is there any
>> benefit to using the location data as an entropy source?
>> I'm wondering how useful GPS coordinates are if an adversary can
>> determine location by triangulating a carrier's cell tower data.
> Over some duration (assuming said GPS is on the move) or just at
> some single fixed point in time?
Could be either.
> At most, I would think you'd only be able to collect a few bits.
Agreed. I was going to pass the bits through a hash/cipher in an
effort to extract any entropy, and then send it into a PRNG.
> And I would think an adversary who has observed your travel patterns
> might be able to exploit just about anything if your movements
> are more or less predictable.
Right - suppose the travel patterns were deduced from cell tower
triangulation. Is it a moot point to use GPS coordinates as a [low
entropy] source? (I'm side stepping a 'physical tail').
More information about the cryptography