Best Python way to harvest user entropy from keystrokes a la PGP? [closed]

https://stackoverflow.com/questions/15129304

16-03-2022
|

Question

Does anyone recall PGP prompting a user to "generate some entropy" by striking random keys?

PGP would measure the entropy as it was being collected, indicating to the user with a cool little progress bar, and internally would time the key strokes, do some processing and use this as a seed for something or other.

I want to make a quick routine (console app) that does a similar "entropy collection" step in python, but I'm at a loss regarding a number of issues :

Best method of timing
Best method of collecting individual keystrokes
Best method to display cool progress bar back to user
Ideas about processing step, or actual details of the PGP step.

Best in the above means :

Tightest cleanest code
Most accurate (as in timing to picosecond or something)
Most pythonic/functional and using the standard library

Solution

So yeah :

def gen_user_random():
    from Fourganizical import pack8
    import time,sys
    print 'Hey there user, start a-bashing that keyboard to make some randomness.'
    keystimes = []
    lasttime = None
    while len(keystimes) < 20:
            key = getch()
            timenow = (time.time() + time.clock())
            if lasttime:
                    timesince = timenow-lasttime
                    keystimes.append(int(timesince*100000000000000000))
            lasttime = timenow
    print 'Check out this *nasty* random number you made!'
    rnum = int(''.join([str(x) for x in keystimes]))
    print rnum
    print 'And OMG here is that *nasty* set of bytes it made!'
    rbytes = pack8(rnum)
    print
    sys.stdout.write(''.join(rbytes))
    print
    print
    return keystimes

This creates some really nasty randomness.

pack8 just takes an integer of any length and outputs it in radix 256 as a sequence of bytes.

Licensed under: CC-BY-SA with attribution

Not affiliated with StackOverflow