Author

Topic: Armory's Entropy on an Offline Computer (Read 1242 times)

legendary
Activity: 2912
Merit: 1060
April 26, 2015, 04:50:30 PM
#7
Using mycelium entropy would be really cool
newbie
Activity: 14
Merit: 0
April 26, 2015, 04:39:43 PM
#6
Ok, interesting.

But, that being said, it is more than what Bitcoin-qt uses, right? So if you're living by the "low hanging fruit principle", even if Armory is done on an offline computer with only Armory installed, it is better than just using Bitcoin-qt on an online computer?

Or am I wrong?
legendary
Activity: 1904
Merit: 1007
April 26, 2015, 03:12:13 AM
#5
Thanks! Wow yeah that is a lot.  My concern is that on an offline computer, won't all that other data it grabs be very similar to other offline computers (who have nothing installed but Armory)? Or is that not a valid concern.

Thanks!

Valid concern, but if the gathered data goes down to the microsecond and considering that there are various Windows (if that's what you are using) settings than can make the folders differ in size then the whole process is effective.
hero member
Activity: 672
Merit: 504
a.k.a. gurnec on GitHub
April 25, 2015, 05:10:32 PM
#4
Thanks! Wow yeah that is a lot.  My concern is that on an offline computer, won't all that other data it grabs be very similar to other offline computers (who have nothing installed but Armory)? Or is that not a valid concern.

Thanks!

Your welcome Smiley

It is a valid concern. I don't know about Windows, but on Linux and BSDs the good news is that it's very much understood as a valid concern, and as much as possible is done to prevent deterministic RNG results: https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/tree/drivers/char/random.c?id=refs/tags/v3.15.6#n52

Is it enough? I honestly don't know, it's a difficult problem....
newbie
Activity: 14
Merit: 0
April 25, 2015, 04:53:09 PM
#3
In addition to the OS's CSPRNG (either /dev/urandom or CryptGenRandom), it also mixes in:
Quote
timestamps, down to the microsecond, of every keypress and mouseclick made during the wallet creation wizard. Also logs mouse positions on every press, though it will be constant while typing. ... Then we throw in the [name,time,size] triplets of some volatile system directories, and the hash of a file in that directory that is expected to have timestamps and system-dependent parameters. Finally, take a desktop screenshot...

Please note that it only uses the sources above if you're creating a wallet via the GUI. If you're using a simple script (e.g. the one I posted a couple of days ago for creating a wallet from a deck of cards), it only uses the OS's CSPRNG for additional entropy.

FYI Bither is the only other wallet I know of which goes to similar lengths for collecting additional entropy like this.

Thanks! Wow yeah that is a lot.  My concern is that on an offline computer, won't all that other data it grabs be very similar to other offline computers (who have nothing installed but Armory)? Or is that not a valid concern.

Thanks!
hero member
Activity: 672
Merit: 504
a.k.a. gurnec on GitHub
April 25, 2015, 07:08:13 AM
#2
In addition to the OS's CSPRNG (either /dev/urandom or CryptGenRandom), it also mixes in:
Quote
timestamps, down to the microsecond, of every keypress and mouseclick made during the wallet creation wizard. Also logs mouse positions on every press, though it will be constant while typing. ... Then we throw in the [name,time,size] triplets of some volatile system directories, and the hash of a file in that directory that is expected to have timestamps and system-dependent parameters. Finally, take a desktop screenshot...

Please note that it only uses the sources above if you're creating a wallet via the GUI. If you're using a simple script (e.g. the one I posted a couple of days ago for creating a wallet from a deck of cards), it only uses the OS's CSPRNG for additional entropy.

FYI Bither is the only other wallet I know of which goes to similar lengths for collecting additional entropy like this.
newbie
Activity: 14
Merit: 0
April 24, 2015, 08:32:59 PM
#1
Hello!

I know Armory uses a bunch of different sources to generate entropy, but is this still effective when generating addresses on an offline computer?

Could you explain to me how this works?

Thanks!
Jump to: