Hi,
I just checked back. Thanks for the quick resonse on this issue. I
didn't expect and much less hope for such a fast and well thought
response.
On Fri, 2008-07-11 at 08:48 -0400, Ian Goldberg wrote:
> ...
> Another option, of course, is for pidgin-otr to capture mouse-movement
> events itself and augment the PRNG seed manually. I don't think that
> would help Uli's situation, though. [Although it couldn't hurt, unless
> the performance issues of seeding the PRNG on every mouse movement
> becomes crazy.]
In my opinion it could hurt. Just imagine the user initates a key
generation, goes away from his PC and his broken input device (a
Joystick for instance) producing 100% predictable movement to the right.
Anyone who knows that PC can predict this gathered "randomness".
It would be much less error prone to ask the user to enter a sufficently
random string and then press enter.
Producing flawless randomness seems to me like a super human task.
Therfore I'd try to implement it in as few places as possible and review
it by as many humans as possible. A good place is in the kernel, maybe
based on an even more generic framework used in most kernels.
Cheers,
Johannes
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
