[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: real randomness for netscape - user clicking mouse
-----BEGIN PGP SIGNED MESSAGE-----
Hello Vincent Cate <[email protected]>
and [email protected]
and [email protected]
Vincent Cate <[email protected]> wrote:
[about getting entropy from mouse]
> You must get the random bits from something that nobody else could watch.
...
> other hand, an attacker would have to have broken the machine to get the
> mouse info
...
Not really... Have you ever been on an X system with host-based
security (as opposed to xauth)? Anyone who has user login rights
to the machine you're on (*) can just telnet in and open windows
on your screen, blink the leds on your keyboard, install
fonts, confine the mouse to a given screen area, etc.
I understand that normally they can get a copy of every
X event you get (and filter them), but I've never tried...
(*) More accurately, any of the machines you can run X programs from.
Mouse events might not be as secret as we would like...
Jiri
- --
If you want an answer, please mail to <[email protected]>.
On sweeney, I may delete without reading!
PGP 463A14D5 (but it's at home so it'll take a day or two)
PGP EF0607F9 (but it's at uni so don't rely on it too much)
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i
iQCVAwUBMGYpmyxV6mvvBgf5AQFkxwQAif9RTKJRW9IhZxd1zp4kmEdHbf4IkdMX
OgEhgeMf6d9+iyTnwZJjR/YvSOsonueKHxR+gmQWotf5r9Y7FmLCFLxw8U0F5AF3
wUjQtqnTlWEU5jt57bn3KZFs5EFqdKKAgj9J7qLlflKd2Bm0mAXK4S8mWIP2U7xu
Sl5UbU3KcqE=
=zlW+
-----END PGP SIGNATURE-----