[squeak-dev] RE: [Pharo-dev] [Cryptography port to Pharo] RandomGenerator class>>unpredictableStringsDo:

Robert Withers robert.w.withers at gmail.com
Mon Oct 19 11:39:19 UTC 2015


Hi Ron, nice to see you too! It has been a number of years, hasn't it?
Crypto is timestamped back in 2010, so there it is. I hope these have
been kind years to you, as they have for me.

I love the idea of optional sources of entropy, depending on the 
deployed capabilities. So there are our mouse points and such, because 
they ought to be optional.

What are some reliably present sources in the most minimal situation? If 
we could define minimal as an image with no image level I/O beyond file 
I/O, I would think we'd have: Kernel, System, Collections, Compiler and 
FFI. Some intransitives in that scope for entropy would be grand.

I was thinking to take 5 millisecondClockValues, separated by 4 
non-secure random intervals: take the low order byte of the 4 intervals 
and reverse & concat them, as an entropic source.

I can coordinate these changes. Ron, could you add me to the 
Cryptography team so I can upload the Pharo Cryptography #bleedingEdge?

Thanks and I look forward to more, :)

Robert

On 10/18/2015 02:38 PM, Ron Teitelbaum wrote:
> Hi Robert,
>
> Nice to see you!
>
> Looks interesting. I know that Chris did something gathering sources of entropy. Seems like the more the better. Could you just make the entropy sources optional such that if they exist we use them? I would have to go back and see what Chris did, but he was following suggestions from Schneider in his secureRandom.
>
> All the best,
>
> Ron Teitelbaum
>
>> -----Original Message-----
>> From: Pharo-dev [mailto:pharo-dev-bounces at lists.pharo.org] On Behalf Of
>> Robert Withers
>> Sent: Sunday, October 18, 2015 5:00 AM
>> To: The general-purpose Squeak developers list; Pharo Development List
>> Subject: Re: [Pharo-dev] [Cryptography port to Pharo] RandomGenerator
>> class>>unpredictableStringsDo:
>>
>> I'm sorry, I forgot the code. I list the existing method, followed by my
>> modified Pharo method below. I welcome any feedback.
>>
>> Regards,
>> Robert
>>
>> ---
>> Existing:
>> unpredictableStringsDo: aBlock
>> 	"Enumerate sources of information from my environment that
>> should be generally hard to guess."
>> 	| time |
>> 	time := Time millisecondsToRun:
>> 		[ aBlock
>> 			value: World imageForm bits compressToByteArray ;
>> 			value: Sensor mousePoint x asString ;
>> 			value: Sensor mousePoint y asString ;
>> 			value: Time millisecondClockValue asByteArray ;
>> 			value: Date today asString ;
>> 			value: Time now asString ;
>> 			value: Display extent asString.
>> 		100 timesRepeat: [ aBlock value: UUID new ].
>> 		#(vmVersion platformName primVmPath imageName
>> platformSubtype datedVersion lastQuitLogPosition vmStatisticsReportString
>> imageName)
>> collect:
>> 			[ : each |
>> 			aBlock value: (SmalltalkImage current perform: each)
>> asByteArray ] ].
>> 	aBlock
>> 		value: time asByteArray;
>> 		"maybe the pointer has moved, hit it again."
>> 		value: Sensor mousePoint asString ;
>> 		value: Time millisecondClockValue asByteArray
>>
>> ---
>> Pharo port:
>> unpredictableStringsDo: aBlock
>> 	"Enumerate sources of information from my environment that
>> should be generally hard to guess."
>>
>> 	| time |
>> 	time := Time millisecondsToRun:
>> 		[ aBlock
>> 			value: Time millisecondClockValue asByteArray ;
>> 			value: Date today asString ;
>> 			value: Time now asString.
>> 		100 timesRepeat: [ aBlock value: UUID new ].
>> 		#(version primImagePath imagePath datedVersion
>> lastQuitLogPosition)
>> collect:
>> 			[ : each |
>> 			aBlock value: (SmalltalkImage current perform: each)
>> asByteArray ] ].
>> 	aBlock
>> 		value: time asByteArray;
>> 		value: Time millisecondClockValue asByteArray
>>
>>
>> On 10/18/2015 04:23 AM, Robert Withers wrote:
>>> This is a message intended for anyone who was on the Cryptography team.
>>> I recently ported it to Pharo and had to make changes to
>> RandomGenerator
>>> class>>unpredictableStringsDo:. This certainly removed some uncertainty
>>> from the results of this message. My question is what should I do about
>>> that? This method seems to require non-headless, as it is checking the
>>> mouse point and such. This being a crypto cornerstone, what's the best
>>> answer here?
>>>
>>> Thank you,
>>> Robert
>
>
>
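
Added example, not part of the original thread and not the Cryptography package's code: one way to write the class-side method so the UI sources stay optional, as Ron suggests, with the clock-interval idea from Robert's reply as one more input. The helper selector `clockIntervalBytes`, the 1 to 16 ms wait range and the use of `on: Error do:` to skip absent sources are assumptions; the remaining selectors come from the two methods quoted above.

```smalltalk
unpredictableStringsDo: aBlock
	"Feed aBlock every source that answers in this image; skip those that do not."
	| optional time |
	"UI-dependent sources from the existing Squeak method. The globals are looked
	 up by name, so an image without them still compiles and runs this method."
	optional := {
		[ (Smalltalk at: #World) imageForm bits compressToByteArray ].
		[ (Smalltalk at: #Sensor) mousePoint asString ].
		[ (Smalltalk at: #Display) extent asString ] }.
	time := Time millisecondsToRun: [
		optional do: [ :source | | data |
			"Only the lookup is guarded; errors raised by aBlock itself still surface."
			data := [ source value ] on: Error do: [ :ex | ex return: nil ].
			data ifNotNil: [ aBlock value: data ] ].
		aBlock
			value: Time millisecondClockValue asByteArray;
			value: Date today asString;
			value: Time now asString.
		100 timesRepeat: [ aBlock value: UUID new ].
		#(version primImagePath imagePath datedVersion lastQuitLogPosition)
			do: [ :each |
				aBlock value: (SmalltalkImage current perform: each) asByteArray ].
		aBlock value: self clockIntervalBytes ].
	aBlock
		value: time asByteArray;
		value: Time millisecondClockValue asByteArray

clockIntervalBytes
	"Hypothetical helper: 5 clock readings separated by 4 waits of non-secure
	 random length; answer the low-order byte of each of the 4 measured
	 intervals, in reverse order. The result is 4 bytes, so it is mixed in
	 with the other sources rather than used as a seed by itself."
	| rng stamps |
	rng := Random new.
	stamps := (1 to: 5) collect: [ :i |
		i > 1 ifTrue: [ (Delay forMilliseconds: (rng nextInt: 16)) wait ].
		Time millisecondClockValue ].
	^ ((1 to: 4) collect: [ :i |
		((stamps at: i + 1) - (stamps at: i)) bitAnd: 16rFF ]) reversed asByteArray
```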

