[squeak-dev] [Pharo-dev] [Cryptography port to Pharo] RandomGenerator class>>unpredictableStringsDo:

Robert Withers robert.w.withers at gmail.com
Mon Oct 19 17:52:49 UTC 2015


This is great, guys. Is there a way to get this from the image? Good to 
get it with an FFI/OSProcess call or something.

Thank you,
Robert

On 10/19/2015 08:58 AM, Louis LaBrunda wrote:
> Hi Guys,
>
> How about getting the CPU temperature.  I think most CPUs support "Digital
> Thermal Sensor" (I'm not sure about ARM).  I think it is seven bits.  The
> real range should be less than that but it may be enough to help add some
> entropy.
>
> Lou
>
> On Mon, 19 Oct 2015 07:39:19 -0400, Robert Withers
> <robert.w.withers at gmail.com> wrote:
>
>> Hi Ron , nice to see you too! It has been a number of years, hasn't it?
>> Crypto is timestamped back in 2010, so there it is. I hope these have
>> been kind years to you, as they have for me.
>>
>> I love the idea of optional sources of entropy, depending on the
>> deployed capabilities. So there are our mouse points and such, because
>> they ought to be optional.
>>
>> What are some reliably present sources in the most minimal situation? If
>> we could define minimal as an image with no image level I/O beyond file
>> I/O, I would think we'd have: Kernel, System, Collections, Compiler and
>> FFI. Some intransitives in that scope for entropy would be grand.
>>
>> I was thinking to take 5 millisecondClockValues, separated by 4
>> non-secure random intervals: take the low order byte of the 4 intervals
>> and reverse & concat them, as an entropic source.
>>
>> I can coordinate these changes. Ron, could you add me to the
>> Cryptography team so I can upload the Pharo Cryptography #bleedingEdge?
>>
>> Thanks and I look forward to more, :)
>>
>> Robert
>>
>> On 10/18/2015 02:38 PM, Ron Teitelbaum wrote:
>>> Hi Robert,
>>>
>>> Nice to see you!
>>>
>>> Looks interesting. I know that Chris did something gathering sources of entropy.  Seems like the more the better.  Could you just make the entropy sources optional such that if they exist we use them?  I would have to go back and see what Chris did but he was following suggestions from Schneider in his secureRandom.
>>>
>>> All the best,
>>>
>>> Ron Teitelbaum
>>>
>>>> -----Original Message-----
>>>> From: Pharo-dev [mailto:pharo-dev-bounces at lists.pharo.org] On Behalf Of
>>>> Robert Withers
>>>> Sent: Sunday, October 18, 2015 5:00 AM
>>>> To: The general-purpose Squeak developers list; Pharo Development List
>>>> Subject: Re: [Pharo-dev] [Cryptography port to Pharo] RandomGenerator
>>>> class>>unpredictableStringsDo:
>>>>
>>>> I'm sorry, I forgot the code. I list the existing method, followed by my
>>>> modified Pharo method below. I welcome any feedback.
>>>>
>>>> Regards,
>>>> Robert
>>>>
>>>> ---
>>>> Existing:
>>>> unpredictableStringsDo: aBlock
>>>> 	"Enumerate sources of information from my environment that
>>>> should be generally hard to guess."
>>>> 	| time |
>>>> 	time := Time millisecondsToRun:
>>>> 		[ aBlock
>>>> 			value: World imageForm bits compressToByteArray ;
>>>> 			value: Sensor mousePoint x asString ;
>>>> 			value: Sensor mousePoint y asString ;
>>>> 			value: Time millisecondClockValue asByteArray ;
>>>> 			value: Date today asString ;
>>>> 			value: Time now asString ;
>>>> 			value: Display extent asString.
>>>> 		100 timesRepeat: [ aBlock value: UUID new ].
>>>> 		#(vmVersion platformName primVmPath imageName
>>>> platformSubtype datedVersion lastQuitLogPosition vmStatisticsReportString
>>>> imageName)
>>>> collect:
>>>> 			[ : each |
>>>> 			aBlock value: (SmalltalkImage current perform: each)
>>>> asByteArray ] ].
>>>> 	aBlock
>>>> 		value: time asByteArray;
>>>> 		"maybe the pointer has moved, hit it again."
>>>> 		value: Sensor mousePoint asString ;
>>>> 		value: Time millisecondClockValue asByteArray
>>>>
>>>> ---
>>>> Pharo port:
>>>> unpredictableStringsDo: aBlock
>>>> 	"Enumerate sources of information from my environment that
>>>> should be generally hard to guess."
>>>>
>>>> 	| time |
>>>> 	time := Time millisecondsToRun:
>>>> 		[ aBlock
>>>> 			value: Time millisecondClockValue asByteArray ;
>>>> 			value: Date today asString ;
>>>> 			value: Time now asString.
>>>> 		100 timesRepeat: [ aBlock value: UUID new ].
>>>> 		#(version primImagePath imagePath datedVersion
>>>> lastQuitLogPosition)
>>>> collect:
>>>> 			[ : each |
>>>> 			aBlock value: (SmalltalkImage current perform: each)
>>>> asByteArray ] ].
>>>> 	aBlock
>>>> 		value: time asByteArray;
>>>> 		value: Time millisecondClockValue asByteArray
>>>>
>>>>
>>>> On 10/18/2015 04:23 AM, Robert Withers wrote:
>>>>> This is a message intended for anyone who was on the Cryptography team.
>>>>> I recently ported it to Pharo and had to make changes to
>>>> RandomGenerator
>>>>> class>>unpredictableStringsDo:. This certainly removed some uncertainty
>>>>> from the results of this message. My question is what should I do about
>>>>> that? This method seems to require non-headless, as it is checking the
>>>>> mouse point and such. This being a crypto cornerstone, what is the best
>>>>> answer here?
>>>>>
>>>>> Thank you,
>>>>> Robert
>>>
>>>
>>>
>>
> -----------------------------------------------------------
> Louis LaBrunda
> Keystone Software Corp.
> SkypeMe callto://PhotonDemon
> mailto:Lou at Keystone-Software.com http://www.Keystone-Software.com
>
>
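
An added example, not part of the thread or of the Cryptography package: one way to make entropy sources optional so that a headless image with only file I/O still seeds from something hard to guess. The selector `optionalUnpredictableStringsDo:` is hypothetical, and the sketch assumes a Pharo image on a Unix-like host where `/dev/urandom` is readable.

```smalltalk
RandomGenerator class >> optionalUnpredictableStringsDo: aBlock
	"Added example; hypothetical selector, not part of the Cryptography package.
	Pass aBlock the output of each entropy source that exists in this image or on
	this host. Answer true only if the OS random device contributed."

	| device strong |
	strong := false.

	"Source 1: the OS random device, reached with plain file I/O.
	Assumption: Unix-like host. Elsewhere the file is absent and is skipped."
	device := '/dev/urandom' asFileReference.
	device exists ifTrue: [
		[ device binaryReadStreamDo: [ :in |
				| bytes |
				bytes := in next: 32.
				"A short read is treated as a failed source"
				bytes size = 32 ifTrue: [
					aBlock value: bytes.
					strong := true ] ] ]
			on: Error
			do: [ :ex | "unreadable device: treat as absent" nil ] ].

	"Source 2: pointer position, only when the image has a UI and a Sensor global.
	Guessable and low in entropy, so it never sets strong."
	Smalltalk isHeadless ifFalse: [
		Smalltalk at: #Sensor ifPresent: [ :sensor |
			[ aBlock value: sensor mousePoint asString ]
				on: Error
				do: [ :ex | nil ] ] ].

	^ strong
```

A caller such as `unpredictableStringsDo:` can send this with the same block and use the answer to decide whether the clock, date and image-path values were the only inputs to the seed.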

