I need to create random numbers for DHKE and call me paranoid, but I do not want to rely on Androids default pseudo random generator functions.
I will give you my ideas for getting truly random numbers:
- take a photo with camera and hash it somehow
- record short sound and hash it
- let user draw something randomly on the screen and hash the input
My favourite is n. 3, but I would like to know if any of these has any security issues? Is there a better way to get TRNG on Android?
As for 3. concretely, I know puttygen allows you to move cursor over some area to generate keys, but I find it strange that it usually takes me like 10 secs of constatnt moving to get 1024bit key. Is this really a secure way of getting random input considering that most movements do fall under some patterns (e.g. if I swipe down, I can say that its more probable ill continue swiping down than sudenly touch the screen in top right corner.
Aucun commentaire:
Enregistrer un commentaire