Entropy Hack/H? 5 ƻ HACKEtpy TRAPTRAPTaltcode/codecodetAIN ctFRM qtFRM tSTRtSTRtverConfidence TestRound ^1. Please tap a couple of times at random locations then tap OK.OKNV/ NO-@ n Pf<P ' HResult 2:>HP  OK2  n2REntropy Hack 0.3' Generates high quality random' numbers for security applications.A OK' wjoat@joat.ca - http://www.joat.ca'*kFraser McCrossan'#_Copyright 2002 byThe Entropy Hack uses user-generated system events to generate a pool of randomness or "entropy", which is used in conjunction with a counter and a secure one-way hash function to generate high-quality pseudo-random numbers suitable for security applications such as password generation and encryption. Although not truly random, the numbers are designed to be highly resistant to prediction by an attacker. All feedback on how they can be made more resistant is welcomed. The numbers should only be used for applications unconnected with the PalmOS device on which they are generated, since the entropy state data structure is accessible to any other PalmOS application on the same device. Entropy is gathered from the following activities: - pen down events - key presses or entered characters - pen up events Each event is hashed using MD5 together with the current 128 bit entropy pool plus a counter to generate a new entropy pool. When an application requests a random number, the pool is hashed with the counter to generate 8 values, which are returned for subsequent requests. The gathered entropy is lost after a system reset (it is stored in Feature memory). If you find any bugs, or have any comments or suggestions for the Entropy Hack, please email joat@joat.caThe Confidence Test is intended to reassure you that the hack is operating properly and is bypassing the weak system pseudo-random number generator. The test performs two rounds. Each round clears all entropy history then pops up a dialog requesting some random taps. It then calls SysRandom() twice, the first time using the seed value 0xDADACAFE, and the second time with no seed. If the hack is not working (or not enabled), both test results will be the same, or will show similar patterns. If the hack is working properly, both values will be completely different. Note that even when the hack is working, the first and fifth hex digits will always be between 0 and 7, since the system specifies that random values will be between 0 and 32767. Avoid using the Confidence Test often; doing so removes all gathered entropy.0.3