Title: Entropy source for smartphone or HW wallet Post by: jl2012 on September 23, 2013, 06:22:58 AM Can we use the accelerometer in smartphone as entropy source (or adding it to HW wallet, costs only about 1 USD)? When generating a new address, or signing, the user is asked to shake the device for a few seconds. That should give plenty of randomness
Title: Re: Entropy source for smartphone or HW wallet Post by: empoweoqwj on September 23, 2013, 06:45:28 AM Sound plenty reasonable.
Title: Re: Entropy source for smartphone or HW wallet Post by: Mike Hearn on September 23, 2013, 08:31:28 AM In theory devices are already supposed to collect entropy from device driver readings. Whether they do or not is an open question - it would require checking the kernel sources of lots of different shipping devices. It wouldn't surprise me to learn that some cheap devices have poorly done kernels that don't bother collecting entropy.
Rather than only using the accelerometers I think an easier and more robust approach would be to combine accelerometer data with a photo taken by the user (and then hashing the pixel data). A random photo of the users environment at the time they create the wallet should be plenty unpredictable. I filed this bug against the Android wallet some time ago: https://code.google.com/p/bitcoin-wallet/issues/detail?id=219 But it requires a lot of fairly boring programming to be completed first:
All those things are valuable by themselves, but as you can see, it's more work than you might have imagined. Title: Re: Entropy source for smartphone or HW wallet Post by: jl2012 on September 23, 2013, 11:18:14 AM Asking for camera privilege has some privacy concern. Combining other standard Android detectors such as digital compass and light sensor should be good enough
Title: Re: Entropy source for smartphone or HW wallet Post by: Peter Todd on September 23, 2013, 11:20:29 AM Asking for camera privilege has some privacy concern. Combining other standard Android detectors such as digital compass and light sensor should be good enough The Android wallet already has the ability to use the camera to read QR codes. Title: Re: Entropy source for smartphone or HW wallet Post by: someone42 on September 23, 2013, 01:53:03 PM Can we use the accelerometer in smartphone as entropy source (or adding it to HW wallet, costs only about 1 USD)? When generating a new address, or signing, the user is asked to shake the device for a few seconds. That should give plenty of randomness For HW wallets, there are faster (in raw bits/s) ways to collect entropy for < 1 USD in parts and with no user interaction required. I describe some of them here: https://bitcointalk.org/index.php?topic=127587.msg1434009#msg1434009 (https://bitcointalk.org/index.php?topic=127587.msg1434009#msg1434009), but I am sure there are many more ways. These also have the benefit of being internal, so it is more difficult for an observer to guess the state of your entropy pool. |