Grant Taylor wrote:
On 3/6/25 2:51 AM, Stefan Claas wrote:
why not as random?
The numbers are somewhat predictable.
If your mouse is at coordinates 5,5 then chances are much better that
the next coordinates are somewhere close to 5,5 than not; e.g.
[4-6],[4-6]. It is extremely unlikely that your next coordinate will
jump to 0,0, 9,0, 9,9, 0,9. Hence the predictability.
Yes, the numbers are better than nothing. But they aren't nearly as
random as we want.
Well, the mouse coordinates are not the only entropy source.
Here is an explanation with debug output:
Debug: Using 16 bytes for entropy collection
Debug: Starting mouse movement collection
Sample 0: Mouse(x=773, y=467) Time=1400640 Random=0 Result=150
Sample 1: Mouse(x=774, y=468) Time=1400953 Random=77 Result=230
Sample 2: Mouse(x=776, y=478) Time=1401156 Random=25 Result=139
Sample 3: Mouse(x=575, y=319) Time=1401359 Random=244 Result=251
Sample 4: Mouse(x=686, y=320) Time=1401562 Random=113 Result=69
Sample 5: Mouse(x=853, y=407) Time=1401765 Random=202 Result=173
Sample 6: Mouse(x=817, y=542) Time=1401968 Random=148 Result=203
Sample 7: Mouse(x=525, y=491) Time=1402171 Random=215 Result=10
Sample 8: Mouse(x=431, y=320) Time=1402375 Random=59 Result=211
Sample 9: Mouse(x=742, y=360) Time=1402578 Random=236 Result=176
Sample 10: Mouse(x=857, y=275) Time=1402781 Random=95 Result=136
Sample 11: Mouse(x=714, y=249) Time=1402984 Random=6 Result=93
Sample 12: Mouse(x=580, y=503) Time=1403187 Random=230 Result=102
Sample 13: Mouse(x=278, y=506) Time=1403390 Random=16 Result=2
Sample 14: Mouse(x=33, y=391) Time=1403593 Random=238 Result=129
Sample 15: Mouse(x=227, y=306) Time=1403796 Random=158 Result=219
Sample 16: Mouse(x=325, y=405) Time=1404000 Random=3 Result=179
Sample 17: Mouse(x=534, y=572) Time=1404218 Random=193 Result=209
Sample 18: Mouse(x=929, y=387) Time=1404421 Random=33 Result=6
Sample 19: Mouse(x=740, y=448) Time=1404625 Random=133 Result=112
Sample 20: Mouse(x=608, y=619) Time=1404828 Random=241 Result=102
Sample 21: Mouse(x=586, y=454) Time=1405031 Random=230 Result=13
Sample 22: Mouse(x=985, y=378) Time=1405234 Random=76 Result=221
Sample 23: Mouse(x=830, y=256) Time=1405437 Random=156 Result=95
Sample 24: Mouse(x=586, y=535) Time=1405640 Random=50 Result=167
Sample 25: Mouse(x=299, y=529) Time=1405843 Random=47 Result=134
Sample 26: Mouse(x=343, y=313) Time=1406046 Random=227 Result=211
Sample 27: Mouse(x=547, y=367) Time=1406250 Random=40 Result=78
Sample 28: Mouse(x=902, y=455) Time=1406453 Random=229 Result=81
Sample 29: Mouse(x=794, y=296) Time=1406656 Random=79 Result=189
Sample 30: Mouse(x=584, y=526) Time=1406859 Random=30 Result=211
Sample 31: Mouse(x=342, y=569) Time=1407062 Random=44 Result=21
Debug: Raw entropy collection completed
Debug: Raw entropy bytes:
96 e6 8b fb 45 ad cb 0a d3 b0 88 5d 66 02 81 db
b3 d1 06 70 66 0d dd 5f a7 86 d3 4e 51 bd d3 15
Debug: Final SHA256: 142e525b13e4c72232840514e0d7731006c4989fa02f0370c00d3b0ac
Random: This is the raw random byte (0-255) generated by the cryptographic
random number generator (CryptGenRandom on Windows, RAND_bytes on Linux)
for each mouse movement.
Result: This is the final entropy byte calculated by combining:
Mouse X coordinate
Mouse Y coordinate
Timestamp
Random byte using XOR operations (^) and limiting to 8 bits (&0xFF)
Example from debug line:
Sample 5: Mouse(x=853, y=407) Time=1401765 Random=202 Result=173
173 is the final byte used for entropy after combining all sources.
The "Result" values you see in the sample lines are the same bytes that
appear in the "Debug: Raw entropy bytes" section, just displayed in
hexadecimal format. These are the actual bytes used for generating either
your password or hex string, depending on which mode you selected.
Regards
Stefan
-- Onion Courier Home Server Mon-Fri 15:00-21:00 UTC Sat-Sun 11:00-21:00 UTCohpmsq5ypuw5nagt2jidfyq72jvgw3fdvq37txhnm5rfbhwuosftzuyd.onion:8080 inbox age1yubikey1qv5z678j0apqhd4ng7p22g4da8vxy3q5uvthg6su76yj0y8v7wp5kvhstum
Generate random passwords with your mouse ... :-)
Re: Generate random passwords with your mouse ... :-)