I’m encrypting a drive on my PC and the software I’m using instructed me to move my mouse as randomly as possible before it formatted for encryption. It says this “significantly increases” the encryption. How?

631 views
0

I’m encrypting a drive on my PC and the software I’m using instructed me to move my mouse as randomly as possible before it formatted for encryption. It says this “significantly increases” the encryption. How?

In: Technology

That’s a new one. It might be using the mouse inputs as a “random” number to encrypt the data with.

Encryption needs random data to work effectively. If you can detect patterns it becomes much easier to break. A computer can’t truly generate random data, though, only an approximation based on inputs available to the system. When installing a new OS is installed it can happen there is not enough pseudo-random information for effective encryption. Very “sterile” environments like a virtual machine are especially susceptible to this problem.

To prevent this your software is set up to collect some extra input before encrypting, though in your case it probably does not make much of a difference.

Computers are not good at generating random numbers. Most programs use psuedo-random number generators, which can actually generate predictable numbers. This means it could be significantly lower the amount of time it takes for hackers to crack your encryption key as they can narrow down the possibilities. Mouse cursor movements are also somewhat predictable, but significantly less than psuedo-random number generators.

Computer are bad at making truly random numbers, because they’re running code and code is, by definition, deterministic: it has to run in a certain way. We can make a sort-of-random algorithm (algorithm is just a fancy word for a piece of code) that takes an input (a seed) and then uses that to decide on different paths through the code.

For example I can ask the user to enter a word, and then use things like the length of the word, the letters of the alphabet used, the “difference” between the letters used etc to take different paths through the code. This makes a hard-to-predict result which looks random but actually isn’t, because you’d get the same result if you used the same seed data. We call this “pseudo-random”, which means “sort of random”

The trick, then, is to find good quality seed data. Good random number generators will basically find as many sources for this data as they can: for example you could use the current date and time (including milliseconds, since that changes a lot), or you can do things like look at the number of network errors you’ve had in the last hour since that’s likely to include some actually-random line noise.

By combining a good pseudo-random algorithm and a good random-ish source of seed data, we can produce something pretty close to random. In most cases, this is sufficient.

If you’re **really** paranoid, though, you can add in other sources of actual random data and either just use the output directly, or use the output as seed data for your algorithm. For example you could take some radioactive material and measure the decay and use that.

Obviously it’s not easy to get hold of radioactive material, though, so most software will find something a little more accessible… humans are pretty random, so we can use one of those. Namely you. Now all the system needs to do is as you to do something that’s hard to control precisely (move a mouse, for example) and that you will do for a reasonable length of time.

Moving a mouse for 30 seconds will mean that you have potentially hundreds of different movements with lots of different data: start and end points, travel time, travel distance, pauses between movement etc. It’s pretty close to truly random.

By having you move your mouse a lot, we have easy access to a pretty random source of seed data that will be almost impossible to reproduce