Timeline for True Random Number Generator by milliseconds per keystroke (TRNG-Kms)
Current License: CC BY-SA 3.0
13 events
| when toggle format | what | by | license | comment | |
|---|---|---|---|---|---|
| Dec 31, 2017 at 2:49 | comment | added | forest | Keystrokes actually have quite a decent amount of variability that can be used for randomness. You do have to take more than a few samples, and you should have greater than millisecond resolution, but when you do, you get randomness from the extreme variability of the stochastic behavior of the human neuromuscular system. | |
| Jul 27, 2014 at 15:07 | history | edited | Maarten Bodewes♦ | CC BY-SA 3.0 | distinction for full entropy source , after some additional research |
| Jul 27, 2014 at 14:51 | comment | added | Paŭlo Ebermann | @xorcoder Please refrain from insulting other members of this site (or anyone at all). I don't see anything wrong with owlstead's answer. I deleted your comments. | |
| Jul 27, 2014 at 1:02 | history | edited | Maarten Bodewes♦ | CC BY-SA 3.0 | added 134 characters in body |
| Jul 27, 2014 at 0:31 | history | edited | Maarten Bodewes♦ | CC BY-SA 3.0 | added 310 characters in body |
| Jul 26, 2014 at 22:50 | history | edited | Maarten Bodewes♦ | CC BY-SA 3.0 | made answer more precise |
| Jul 26, 2014 at 22:36 | comment | added | user991 | @xorcoder : $\;\;\;$ His previous comment does say that "CSPRNG is a subclass $\hspace{1.74 in}$ of PRNG and was of course implied.". $\;\;\;\;\;\;\;$ | |
| Jul 26, 2014 at 19:56 | comment | added | Maarten Bodewes♦ | CSPRNG is a subclass of PRNG and was of course implied. To state in general that PRNG's are not considered secure is of course bunk. Maybe you should also read Dealing with Bias although I think that that Wikipedia page is not of a very high standard. Note that adding a second layer will not create a well distributed output (by itself); your output would still not be a good fit for a symmetric key let alone an OTP. | |
| Jul 26, 2014 at 19:50 | history | edited | Maarten Bodewes♦ | CC BY-SA 3.0 | added 4 characters in body |
| Jul 26, 2014 at 19:47 | comment | added | xorcoder | First of all, this is neither a negotiation nor a belief nor an argument. At least not on my part. You suggested to use the TRNG output additionally with a PRNG. And I replied to you that adding a second random number generator may increase security, but it shouldn't be done with a pseudo random number generator (PRNG), because as every skilled crypto developer (me included) out there knows, PRNGs are deterministic and cryptographically not secure. That's why people use CSRNGs and TRNGs these days. So I don't know where you got that notion that a PRNG would increase any security. It does not. | |
| Jul 26, 2014 at 18:29 | comment | added | Maarten Bodewes♦ | Cryptography is non-negotiable, and won't be altered by belief. | |
| Jul 26, 2014 at 18:20 | comment | added | xorcoder | That's a good idea using the values of milliseconds as seed inputs for a seed-based random number generator. However, I disagree with you that it should be a PRNG since any Pseudo Random Number Generator is not truly random but deterministic. In case of keystrokes randomly pressed by the user, I think it is less predictable than any PRNG / seed-based RNG imho, hence it falls into the category of TRNGs. I agree however that the milliseconds alone are not enough as input, because of the entropy, and should be further processed by a second layer of random input which obfuscates the first layer. | |
| Jul 26, 2014 at 17:23 | history | answered | Maarten Bodewes♦ | CC BY-SA 3.0 |