[cryptography] Mobile Devices and Location Information as Entropy?

Jeffrey Walton noloader at gmail.com
Sat Apr 2 20:44:26 EDT 2011


On Sat, Apr 2, 2011 at 7:41 PM, Jeffrey Walton <noloader at gmail.com> wrote:
> On Sat, Apr 2, 2011 at 10:22 AM, Tom Ritter <tom at ritter.vg> wrote:
>>> At most, I would think you'd only be able to collect a few bits.
>>
>> Agreed, I think using anything but the lowest bits would be dangerous.
>>  But most smartphones (especially ones with GPS sensors) have other
>> sensors that would be better contributors of entropy, and aren't
>> monitorable by any remote adversary: Acceleration, Orientation,
>> Microphone, Camera, probably some others.  You may also be able to get
>> some bits from the Antenna and Wifi Signals Strengths as well.
> Agreed. I even have a finger drawing program to extract random bits
> (if the user desires).
>
>> But, most phone API's already provide a random number generator they
>> say is cryptographically sound.  Java's SecureRandom on Android,
>> SecRandomCopyBytes on iOS, net.rim.device.api.crypto.RandomSource on
>> Blackberry, System.Security.Cryptography.RNGCryptoServiceProvider on
>> Windows, and CreateRandomL on Symbian.  Is there a particular reason
>> you distrust or can't use one of those?
> Two reasons. The first is due diligence (paranoia?), the second is feasibility.
>
> For paranoia, I don't want to place 100% trust in the OS provided
> gear. For example, Ray Marsh recently discussed some considerations
> with Free BSD's prng. For me, its easier to use Crypto++'s X9.17
> generator, and add extra entropy as required.
>
Kevin Wall brought up a good point on a sidebar: X9.17 is no longer
recommended/approved. Fortunately, the difference between X9.17 and
X9.31 is the underlying block cipher. X9.31 uses 3TDEA and AES. AES
has been the block cipher used in Crypto++ for the generator for some
time now [1].

Jeff

[1] http://www.cryptopp.com/docs/ref/osrng_8h_source.html



More information about the cryptography mailing list