Get rid of the randomly moving your mouse?

[blip]

I always get frustrated when having to do this in Truecrypt. I usually spend 5-10 minutes moving my mouse cursor to ensure the cryptographic strength of the keys.

What is the ideal amount of time to spend?

And would it be possible to get rid of this feature altogether? As I understand, Veracrypt is capable of calculating truly random numbers. Wouldn't that be stronger than a human moving his mouse creating pseudo-random numbers?

Thanks.

[Seb]

I don't mind taking the time to work with this feature actually. Because really, no two human is going to EVER be able to coincidentally move their mouse in the same exact places for a 5 minute time period let alone the 30 minutes I spend doing mine. 5 minutes is probably long enough if you take into consideration password length/strength, PIM, and keyfiles. You likely aren't battling the NSA head on. If you are concerned, just throw on a TV show in the background and move your mouse while you watch. Or better yet, have a (50GB outer container<and a="" 49GB="" inner="" container="">) both with 25 character passwords and 5 minutes of "move time" for entropy and such. You'll be doubling your security and only taking an extra 60 seconds or so on the mount time.

Seb

[Enigma2Illusion]

The mouse is only one part of creating random values. You can read about the details at the link below.

https://veracrypt.codeplex.com/wikipage?title=Random%20Number%20Generator

Seb wrote:

You'll be doubling your security and only taking an extra 60 seconds or so on the mount time.

The amount of time spent moving the mouse will not impact the mount volume times.

[Seb]

Was referring to the sentence I wrote directly before the comment about 60 seconds and mount time ie: ". Or better yet, have a (50GB outer container<and a="" 49GB="" inner="" container="">) both with 25 character passwords and 5 minutes of "move time" for entropy and such."

:)

[Testoslav]

You likely aren't battling the NSA head on

You can move your wireless mouse hour long and NSA can have every your move recorded ;-) Even wired mouse and keyboard can be monitored from distance, but in today's wireless world we are making it really easy for them.

[WRVC2016]

I was a big TrueCrypt user and have created lots of TC file containers and volumes. A few years ago, I wrote a program where it grabs the handle of the TrueCrypt window and from there, it moves the cursor randomly. You can even do this in VBA (Excel or Access).

Rather than requesting to get rid of this feature, maybe requesting a program to move the cursor randomly maybe a good addition. :)

https://www.dropbox.com/sh/h6l9zsmscztgx33/AABVFZP4XUpgFupyrOvhKX58a?dl=0

[Enigma2Illusion]

VeraCrypt already has a random generator. The idea of moving the mouse is to increase the entropy manually verses programmatic solutions.

Mounir has implemented in the latest 1.17 BETA version a strength indicator.

I have implemented GUI indicator of the gathered entropy using a progress bar as suggested.
For now, I use only the default color, so no red/yellow/green (too much time to implement).

The basic ideas:
1. each mouse movement event brings 1-bit of entropy (very conservative)
2. The size of our internal random pool is 320 bytes = 2560 bits, so we set the 100% level of progress bar to 2560 and we increment by 1 for each mouse movement event.

https://veracrypt.codeplex.com/discussions/650238

https://veracrypt.codeplex.com/workitem/369

Beta 1.17 thread:
https://sourceforge.net/p/veracrypt/discussion/technical/thread/d36e6405/

[WRVC2016]

The random strength indicator is awesome! Good implementation.