Can anyone explain what this is doing?
- Thread starter Rubycon
- Start date
Joemonkey
Diamond Member
- Mar 3, 2001
- 8,859
- 4
- 0
probably taking the X and Y coordinates of your moving the mouse and creating the encryption key based on it. Unless you had a robot moving the exacty same model of mouse on the exact same computer over and over it would be pretty difficult to match the exact same movements you made.
Encryption routines need a key, the best keys are as close to random data as possible. Threir are very few ways for a computer to generate truely random data, so the program is using your series of mouse moves to best create a series of random inputs.
bsobel and Joemonkey are correct.
Without randomness built in, the key you generate can be much more easily discovered. It's probably measuring the X,Y coordinates of your movements and supplementing that with time data between the recording of each pair.
Consider what would happen without the random generator. The application would have an algorithm to calculate a key based solely on the information in the computer. A common piece of data it might use is a timestamp. An attacker could use social engineering or malware to discover what program you used to create the key, and reverse engineer it to discover how the key was created. It then becomes a simple brute force on a much smaller subset of possible keys.
Add in the randomness factor, and the integrity of your key is maintained even if the attacker knows what program you used.
Nope. I see what you're thinking though. A hash is not random because you can easily reproduce it by putting the same inputs through the hashing algorithm.
For example, hashing "blahblah" through hasing algorithm XYZ results in "1234".
Wait a week, then hash "blahblah" through XYZ again, and you'll get "1234" again.
However, run your encryption program today and move your mouse around. The program generates some data.
Wait a week, and run it again. Your program will generate much different data, even IF you could copy your exact mouse movements over again.
Without randomness built in, the key you generate can be much more easily discovered. It's probably measuring the X,Y coordinates of your movements and supplementing that with time data between the recording of each pair.
Consider what would happen without the random generator. The application would have an algorithm to calculate a key based solely on the information in the computer. A common piece of data it might use is a timestamp. An attacker could use social engineering or malware to discover what program you used to create the key, and reverse engineer it to discover how the key was created. It then becomes a simple brute force on a much smaller subset of possible keys.
Add in the randomness factor, and the integrity of your key is maintained even if the attacker knows what program you used.
Nope. I see what you're thinking though. A hash is not random because you can easily reproduce it by putting the same inputs through the hashing algorithm.
For example, hashing "blahblah" through hasing algorithm XYZ results in "1234".
Wait a week, then hash "blahblah" through XYZ again, and you'll get "1234" again.
However, run your encryption program today and move your mouse around. The program generates some data.
Wait a week, and run it again. Your program will generate much different data, even IF you could copy your exact mouse movements over again.
TRENDING THREADS
-
Discussion Zen 5 Speculation (EPYC Turin and Strix Point/Granite Ridge - Ryzen 9000)- Started by DisEnchantment
- Replies: 24K
-
Discussion Intel Meteor, Arrow, Lunar & Panther Lakes Discussion Threads
- Started by Tigerick
- Replies: 20K
-
-
-
Facebook
Twitter