Nth Dimension/blog:: Negatively discriminating against idiots since 1995!


2009-03-27 16:54:10

Analysing PinSentry

By Tim Brown

Since Ahead Of The Times took their PinSentry apart, I thought it was about time to share my analysis thus far of the numbers it generates:

[PinSentry.png - that doesn't look very random]

This graph is based upon a sampling of 100 sequential responses to the "Identify" function he mentions in his blog. Since sampling by hand is rather tedious, these samples were gathered over a 2-3 week period whenever I had a spare second or two.

The number generation doesn't appear to be time determinate, since the time elapsed between sampling varied wildly. Over my relatively small sample, the change per response was found to be between ~500 and ~500k with an average change of ~138k. BurpSuite reckons the effective entropy is about 16 bits at a 1% significance level.

I'm struggling to think of applicable threat models but maybe someone else will. Of course, if anyone wants to lend me their PinSentry and card, I'll be happy to give it some further thought ;).

Mood: Intrigued

Music: Nothing playing right now
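The per-response change figures and the bit-level significance check described in the post can be reproduced from any list of recorded responses. This is an added example, not the author's code and not Burp's algorithm: it assumes 8-digit decimal responses that move forward like a counter, uses a simple per-bit frequency test, and runs on constructed sample data.

```python
import math
from statistics import mean

MODULUS = 10**8  # assumption: responses are 8 decimal digits
WIDTH = 27       # 10**8 < 2**27, so 27 bits cover every possible response


def deltas(responses, modulus=MODULUS):
    """Forward change between consecutive responses, allowing wrap-around.

    Assumes the underlying value only moves forward (counter-like)."""
    return [(b - a) % modulus for a, b in zip(responses, responses[1:])]


def delta_summary(responses, modulus=MODULUS):
    """Smallest, largest and average change per response."""
    d = deltas(responses, modulus)
    return {"min": min(d), "max": max(d), "mean": mean(d)}


def monobit_p(ones, n):
    """Two-sided p-value for seeing `ones` set bits in n fair coin flips
    (normal approximation to the binomial)."""
    z = abs(2 * ones - n) / math.sqrt(n)
    return math.erfc(z / math.sqrt(2))


def bits_passing(responses, width=WIDTH, alpha=0.01):
    """Bit positions whose 0/1 balance is consistent with a fair bit at
    significance level alpha. A rough stand-in for 'effective entropy'."""
    n = len(responses)
    passing = []
    for bit in range(width):
        ones = sum((r >> bit) & 1 for r in responses)
        if monobit_p(ones, n) >= alpha:
            passing.append(bit)
    return passing


if __name__ == "__main__":
    # Constructed sample (not real PinSentry output): a counter advanced
    # by uneven steps of roughly 500 to 500k, 100 readings in sequence.
    sample, value, step = [], 12345678, 777
    for _ in range(100):
        step = (step * 1103515245 + 12345) % 2**31
        value = (value + 500 + step % 499_500) % MODULUS
        sample.append(value)
    print(delta_summary(sample))
    print(len(bits_passing(sample)), "of", WIDTH, "bit positions pass at 1%")
```

With only 100 samples a single frequency test per bit is weak evidence, so the passing-bit count is an upper bound on what looks random rather than a measured entropy.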

1 comment(s)

2009-03-27 20:21:38

Clarification

By Tim Brown

Just to be totally clear, I'm not saying there is anything wrong with how PinSentry generates its numbers; this is just a partial observation by myself of how it works. More analysis required.

© Nth Dimension Web Master, 2006