Bitcoin Forum

Bitcoin => Armory => Topic started by: RBell on April 25, 2015, 01:32:59 AM



Title: Armory's Entropy on an Offline Computer
Post by: RBell on April 25, 2015, 01:32:59 AM
Hello!

I know Armory uses a bunch of different sources to generate entropy, but is this still effective when generating addresses on an offline computer?

Could you explain to me how this works?

Thanks!


Title: Re: Armory's Entropy on an Offline Computer
Post by: btchris on April 25, 2015, 12:08:13 PM
In addition to the OS's CSPRNG (either /dev/urandom (https://en.wikipedia.org/wiki//dev/random) or CryptGenRandom (https://msdn.microsoft.com/en-us/library/windows/desktop/aa379942(v=vs.85).aspx)), it also mixes in (https://github.com/etotheipi/BitcoinArmory/blob/6d30095a2032f9edb3dfc07b6799f40a944307f1/ArmoryQt.py#L806):
Quote
timestamps, down to the microsecond, of every keypress and mouseclick made during the wallet creation wizard. Also logs mouse positions on every press, though it will be constant while typing. ... Then we throw in the [name,time,size] triplets of some volatile system directories, and the hash of a file in that directory that is expected to have timestamps and system-dependent parameters. Finally, take a desktop screenshot...

Please note that it only uses the sources above if you're creating a wallet via the GUI. If you're using a simple script (e.g. the one I posted a couple of days ago for creating a wallet from a deck of cards), it only uses the OS's CSPRNG for additional entropy.

FYI Bither is the only other wallet I know of which goes to similar lengths for collecting additional entropy like this.


Title: Re: Armory's Entropy on an Offline Computer
Post by: RBell on April 25, 2015, 09:53:09 PM
Thanks! Wow yeah that is a lot. My concern is that on an offline computer, won't all that other data it grabs be very similar to other offline computers (who have nothing installed but Armory)? Or is that not a valid concern?

Thanks!


Title: Re: Armory's Entropy on an Offline Computer
Post by: btchris on April 25, 2015, 10:10:32 PM
You're welcome :)

It is a valid concern. I don't know about Windows, but on Linux and BSDs the good news is that it's very much understood as a valid concern, and as much as possible is done to prevent deterministic RNG results: https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/tree/drivers/char/random.c?id=refs/tags/v3.15.6#n52

Is it enough? I honestly don't know, it's a difficult problem....
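
An added example, not part of the original posts and not Armory's code: a generic hash-based mix of OS CSPRNG output with extra sources like those quoted above, run on constructed data for two identically imaged offline machines. The function names, byte encodings and sample values are assumptions made for illustration.

```python
import hashlib
import os


def encode_events(events):
    """Serialize (timestamp_us, x, y) input events (hypothetical encoding)."""
    return b"".join(
        t.to_bytes(8, "big") + x.to_bytes(4, "big") + y.to_bytes(4, "big")
        for t, x, y in events
    )


def encode_dir_triplets(triplets):
    """Serialize [name, time, size] triplets of a volatile directory."""
    return b"".join(
        name.encode() + b"\0" + mtime.to_bytes(8, "big") + size.to_bytes(8, "big")
        for name, mtime, size in triplets
    )


def mix_entropy(os_random, extra_sources):
    """Hash every input, length-prefixed so chunk boundaries stay unambiguous."""
    h = hashlib.sha256()
    for chunk in [os_random, *extra_sources]:
        h.update(len(chunk).to_bytes(8, "big"))
        h.update(chunk)
    return h.digest()


# Constructed sample data: two freshly imaged offline machines with identical
# directory listings, differing only in one click's microsecond timestamp.
DIRS = encode_dir_triplets([("tmp", 1429925579, 4096), ("log", 1429925580, 512)])
EVENTS_A = encode_events([(1429925579000123, 640, 480), (1429925580250456, 640, 480)])
EVENTS_B = encode_events([(1429925579000123, 640, 480), (1429925580250457, 640, 480)])


def seed_for(os_random, events):
    """Derive a 32-byte seed from OS randomness plus the extra sources."""
    return mix_entropy(os_random, [events, DIRS])


if __name__ == "__main__":
    stuck = bytes(32)  # worst case: the OS CSPRNG returns the same bytes on both machines
    print("same CSPRNG, same extras:", seed_for(stuck, EVENTS_A) == seed_for(stuck, EVENTS_A))
    print("same CSPRNG, 1 us apart :", seed_for(stuck, EVENTS_A) == seed_for(stuck, EVENTS_B))
    print("real CSPRNG, same extras:",
          seed_for(os.urandom(32), EVENTS_A) == seed_for(os.urandom(32), EVENTS_A))
```

Distinct seeds are not the same as unpredictable seeds: a timestamp that an attacker can narrow to a small window contributes only a few bits, so the OS CSPRNG remains the input that carries the security of the mix.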


Title: Re: Armory's Entropy on an Offline Computer
Post by: RoadStress on April 26, 2015, 08:12:13 AM
Valid concern, but if the gathered data goes down to the microsecond and considering that there are various Windows (if that's what you are using) settings that can make the folders differ in size, then the whole process is effective.


Title: Re: Armory's Entropy on an Offline Computer
Post by: RBell on April 26, 2015, 09:39:43 PM
Ok, interesting.

But, that being said, it is more than what Bitcoin-qt uses, right? So if you're living by the "low hanging fruit principle", even if Armory is done on an offline computer with only Armory installed, it is better than just using Bitcoin-qt on an online computer?

Or am I wrong?


Title: Re: Armory's Entropy on an Offline Computer
Post by: bitpop on April 26, 2015, 09:50:30 PM
Using mycelium entropy would be really cool