https://steemit.com/security/@profitgenerator/generate-secure-random-passwords-or-private-keys
In summary, the method is this:
- Use the internet to find public data with large information content (files, music, videos, etc.), or add your own if possible
- All files are kept as secret as possible, for obvious reasons, if we want this to be our entropy source
- We gather X files from a search engine using random keywords, then gather another P files, where X = P
- Instead of using XOR, due to fears of a short key, we just encrypt all the P files with AES256CBC, using separate keys generated with the OS's default RNG; the AES256CBC-encrypted files will be E
- Then we take the 512-bit hash of the E files, add a random salt to each of them, and use these as separate AES256CBC encryption keys with which we encrypt all the X files separately
- Each encrypted X file is then already a unique, good source of randomness; we put all the X files in a .tar file, and this is our MAINENTROPY.tar file
So when we just want to create a password, we just take the SHA1, SHA256, or SHA512 hash of the MAINENTROPY.tar file, and that will be our private key.
After use, we just add another random file inside the archive, to act as a salt or nonce, and produce a new unique hash next time we use it.
What do you think?
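The last two steps of the method above (hash MAINENTROPY.tar, then add a file before the next use), as an added example that is not part of the original post. The function names are hypothetical, and the encrypted X files are replaced by constructed random bytes so the sketch runs offline without an AES library.

```python
import hashlib
import io
import os
import tarfile


def build_archive(members):
    """Pack {name: bytes} into an uncompressed tar held in memory.

    Members are written in sorted order with fixed metadata so the same
    contents always yield the same archive bytes, and so the same hash.
    """
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w", format=tarfile.USTAR_FORMAT) as tar:
        for name in sorted(members):
            info = tarfile.TarInfo(name=name)
            info.size = len(members[name])
            info.mtime = 0  # fixed timestamp: tar headers are hashed too
            tar.addfile(info, io.BytesIO(members[name]))
    return buf.getvalue()


def derive_key(archive_bytes, algo="sha256"):
    """Hash the whole archive, as the post describes, and return the digest."""
    return hashlib.new(algo, archive_bytes).digest()


def rotate(members):
    """Return a copy with one more random file acting as the salt/nonce."""
    updated = dict(members)
    updated["nonce-%04d.bin" % len(members)] = os.urandom(32)
    return updated


def demo():
    # Constructed stand-ins for the encrypted X files (assumption).
    members = {"x-%d.enc" % i: os.urandom(4096) for i in range(3)}
    first = derive_key(build_archive(members))
    again = derive_key(build_archive(members))  # same archive, same key
    rotated = derive_key(build_archive(rotate(members)))  # new key after rotation
    return first, again, rotated


if __name__ == "__main__":
    for digest in demo():
        print(digest.hex())
```

The digest covers the tar headers as well as the file contents, so member order and timestamps have to be fixed as above for the same set of files to reproduce the same key.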