Moving mouse while creating PGP key. Why?

Brutkruemel · March 21, 2016, 8:28pm

Hi,

i was wondering why i have to move the mouse around while the key for PGP or other encryption is generated.
Cant it jsut generate a random one?
And why not?

Thanks!

warmdrink · March 21, 2016, 8:32pm

Moving your mouse, typing, downloading a picture of a cat and doing anything else at all on your computer generates entropy which is the raw data that goes into generating random data. It helps ensure your PGP key is unique, since the entropy generated when YOU move YOUR mouse with YOUR software / hardware configuration is gonna be totally different to the entropy I generate.

So when you generate a new key, you get asked to move your mouse around to generate even more entropy for even more randomness.

Brutkruemel · March 21, 2016, 8:37pm

ah i see. so an algorithm that generates a random string could create the same key more often. and through moving my mouse, the the algorithm can create a unique key for just me?

is it correct to say that?

warmdrink · March 21, 2016, 8:41pm

Kinda, random is random and even without moving your mouse it's almost impossible to generate the same key twice. Just like how you pretty much can never shuffle a deck of cards in the same order twice, and each time you do there's a very good chance you've shuffled it into an order that has never been seen since the first 52 card deck was shuffled.

Brutkruemel · March 21, 2016, 8:43pm

ok. great!

thank you so much! :)

warmdrink · March 21, 2016, 8:53pm

No problem! I'm not cryptographer and there's plenty of gaps in my knowledge, so I'm pretty sure that I've just described randomness in a way that would make Phil Zimmermann shake his head, weep and wonder where he went so wrong but it's still basically what's going on.

Brutkruemel · March 21, 2016, 8:58pm

yes me neither. but for the meantime i just tell myself that it is so that the key is unique to me :)

Th3Z0ne · March 21, 2016, 9:07pm

For a PC, the most random part is the human =) - thus the human input for pseudo random number generators ^^ - so finally its good that people are that random ;)

Mandrewoid · March 21, 2016, 10:46pm

Yeah basically computers aren't actually capable of doing anything totally randomly. everything a CPU does is deterministic. Same input in > same output out I have no idea how the pseudorandom number generator works in the software you're using exactly, but it is using you as a source of something that is inconsistent.

One method of pseudorandom number generation using electronics hardware is This: https://en.wikipedia.org/wiki/Linear_feedback_shift_register#Uses_in_cryptography

In there it sort of explains how the flaws in it are as well.

Brutkruemel · March 22, 2016, 9:19am

oh great! Thank you!