7

When creating a Truecrypt volume, there is the wizard page in which the user is told to randomly move the mouse (the longer the better) to generate entropy, and that it will significantly increase the strength of the encryption keys.

I have the feeling that the increase in the randomness of the keys will no longer be really significant after having moved the mouse for some time, but I don't know how to get an order of magnitude for that.

In other words, will the encryption keys be really stronger if I move the mouse for 3 minutes instead of 1? For how long would you move your mouse?

Thanks.

Benoit

3 Answers

10

The PRNG in the host machine feeds on hardware events for randomness. When you move the mouse, it sends "move events" to the PC, where a "move event" is like "hey, PC, I just moved 0.58 cm up and 0.31 cm left". A typical rate would be 15 move events per second (gaming mice have a higher rate). On the OS side, the amount of movement in each direction, and the exact time at which the event is received, will be used as "entropy".

The bright thing about entropy is that it just adds up, as long as you use a cryptographic hash function to mix it up into the entropy pool. The OS does that. About 128 bits of entropy are enough but the paranoid will like to go a bit beyond, if only to win at games of my-entropy-is-longer-than-yours. It can be assumed (a very conservative estimate) that each move event will yield at least one bit of entropy (which means that if an attacker tries to predict the time and amount of the next move event, he will do no better than exhibit two equally probable events). So you will have at least 15 bits worth of entropy per second, i.e. 128 bits of entropy in less than nine seconds.

Therefore, it is not needed to torture your mouse more than a dozen seconds. Moving the mouse for one minute is already total overkill.

(Since the OS has been gathering entropy since boot time, and feeds on more hardware events than just the mouse, it actually already has more entropy than needed, and the whole dancing mouse thing is more ritual and psychological than scientific; it makes you feel secure more than it actually adds to real security.)

Tom Leek
  • So, this “the longer the better” thing is rather funny than useful. Thank you for this answer. – Benoit Mar 19 '13 at 13:45
  • Actually, I think that this is more than a "ritual", as it protects from a potential flaw in the OS's PRNG. A flaw or a backdoor. The problem it's trying to solve isn't the lack of entropy, but the reliance on the system's API to generate keys. – Hey Aug 11 '17 at 11:19
  • PS/2 mice have a _far_ higher update rate than 15 Hz since it's interrupt-driven. – forest Sep 22 '18 at 11:06
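
The accounting and hash mixing described in the answer above, as an added example that is not part of the original answer and is not TrueCrypt's or any OS's actual RNG. The `EntropyPool` class, the choice of SHA-256, and the event data are constructed assumptions for illustration.

```python
import hashlib
import random
import struct

TARGET_BITS = 128     # amount the answer calls sufficient
EVENTS_PER_SEC = 15   # typical move-event rate quoted in the answer

class EntropyPool:
    """Toy hash-based pool (illustrative; not TrueCrypt's or any OS's RNG)."""

    def __init__(self, seed: bytes = b""):
        self.state = hashlib.sha256(b"pool-init" + seed).digest()
        self.credited_bits = 0.0

    def add_mouse_event(self, dx, dy, t_us, bits=1.0):
        # Hash the deltas and arrival time into the state; input is never
        # used directly, so credit from successive events adds up.
        event = struct.pack("<hhQ", dx, dy, t_us)
        self.state = hashlib.sha256(self.state + event).digest()
        self.credited_bits += bits  # conservative credit, not a measurement

def seconds_to_target(bits_per_event=1.0, rate=EVENTS_PER_SEC, target=TARGET_BITS):
    """Time needed to credit `target` bits at a given event rate."""
    return target / (bits_per_event * rate)

def constructed_events(duration_s, rate=EVENTS_PER_SEC, seed=1):
    """Constructed sample data: jittery deltas and arrival times."""
    rng = random.Random(seed)  # fixed seed so the demo is repeatable
    t_us = 0
    for _ in range(int(duration_s * rate)):
        t_us += int(1_000_000 / rate) + rng.randint(-3000, 3000)
        yield rng.randint(-40, 40), rng.randint(-40, 40), t_us

def feed(pool, events, bits=1.0):
    """Feed events; return how many were needed to reach TARGET_BITS."""
    needed = None
    for n, (dx, dy, t_us) in enumerate(events, start=1):
        pool.add_mouse_event(dx, dy, t_us, bits)
        if needed is None and pool.credited_bits >= TARGET_BITS:
            needed = n
    return needed

if __name__ == "__main__":
    pool = EntropyPool()
    needed = feed(pool, constructed_events(60))
    print(f"target reached after {needed} events = {needed / EVENTS_PER_SEC:.1f} s")
    print(f"credited after 60 s: {pool.credited_bits:.0f} bits")
    print(f"formula: {seconds_to_target():.2f} s")
```

The credit keeps counting past the target, but a 256-bit hash state cannot hold more than 256 bits of entropy however long the mouse is moved.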
3

1. Background

Computers aren't able to generate truly random numbers; they think the way you tell them to think, and they can't come up with random numbers on their own. Generating keys for an encryption scheme is simply a mathematical operation. It needs an input, and it gives an output.

PRNG(X) = Y

As long as you provide the same X you'll always get the same Y. Keep the equation in your mind.

2. Entropy

So we can't get truly random Y, but we can get the next best thing; a lower chance of reproducibility. So, the less likely it is to come up with the same X again, the more "random" Y is. This process is called increasing the entropy.

3. TrueCrypt

The way TrueCrypt increases the entropy is by collecting information that is unlikely to be repeated again, such as timestamps, /dev/random in Linux/Mac OS X, CryptoAPI in Windows, network statistics, and mouse & keyboard.

4. Mouse Movement

Finally, what does all of the above have to do with mouse movement? I think you've figured it out by now. The more you move the mouse the more you'll increase the entropy. Moving your mouse for 1 second will have a certain amount of entropy, and moving it for 10 seconds will certainly have more entropy. But how much entropy is practically sufficient? Luckily for us, Thomas Pornin has crunched the numbers and it turns out that 128 bits is enough.

Edit: So, also according to Thomas, 9 seconds are enough to generate 128 bits of entropy.

Adi
0

This question isn't really answerable as it depends on how randomly you can move your mouse. If you can move your mouse truly randomly for 1 minute, it would likely be far better than moving your mouse up and down for 20. Problem is people are really bad at being random and very good at finding and making patterns. Thus, it is fairly likely that your movements won't be completely random and if a pattern of some type forms, then the longer time could add very little or might even take some security away depending on how their algorithm works.

A lot of such algorithms just sum up the motion to form a random seed for a cryptographic pseudo-random number generator and then use the output from that PRNG to generate a key.

AJ Henderson