To generate a certificate we require some amount of random data. There are plenty of sources from where we can get data, but the vast majority of them are not random and cannot be used for our certificate.
Moreover, none of these sources are truly random. That's a real problem faced by any cryptography service. In order to measure the randomness of the source, we use the word Entropy. Entropy is a measure of chaos or the uncertainty of an outcome. It is inversely proportional to the predictability of a data. The more entropy is in a piece of data, the more unpredictable it is. So, 1 bit of truly random data contains 1 bit of entropy. To make our certificate we need to get 256 bits of entropy.
We have no generator available that can produce a real random stream of bits, but we can extract random bits from sources that can contain some random information. Since every human being is unique, we decided to use you personally as a random number generator. In the next step you are asked to tap on the screen. The time interval in between your taps may look constant, but if you measure those timings precisely, you'll see the difference. For example, if you measure seconds between two consecutive taps, it will always be 0 or 1 or more depending on your speed of tapping. The result is much more interesting when you measure it in Nanoseconds or in processor’s ticks.
Here are the examples of those timings:
475b 92e0 8097
475b a422 8ba4
475b b5f1 fe98
475b c749 2267
475b d8f7 4c4b
475b e8e2 0bcd
475b fa1a f772
475c 0b7d 9446
Even more, if you discard most of that timing value, you may consider the rest to be random to some extent. As you can see from the example above, the last 32 bits are already different, although I’ve tapped two or three times a second. We use the last 6 bits.
Also we use last bit from X and Y position of a tap to gather more data. When we have collected the desired amount of data, we convert it to the final certificate using a slow key derivation function. Surely, this method of random data collection is not truly random but it is good enough to be used for key generation.
- Collect entropy from taps. We collect data about tap timing, using the last 6 bits. Since we get timing data in nanoseconds there are 1.000.000.000 possible events per second. So using just 64 events out of 1 billion makes it enough random.
- We get 1 bit of entropy from x-location of tap and 1 bit from y-location.
- So, we assume that we get 8 bits of entropy from every tap. We recommend tapping at least 32 times to get data for the key. If you need more entropy, you can tap up to 256 times, which makes it equal to 1 bit of entropy from each tap.
- We understand that this method of random number generation is not truly random and could be biased some way, so we use PBKDF2-SHA256 to get the final key.
- After collecting raw data we derive the actual key using 400.000 rounds of PBKDF2. The salt for PBKDF2 is obtained from the iOS built-in secure random number generator.
Once the certificate is ready, you need to transfer it to your recipient. The most reliable way to do it is face-to-face. We made a QR-code representation of the certificate, so the other side can just scan it and verify it. The other option is to type-in a certificate based on its numeric presentation.
To e-mail a certificate is an option too, but since it is insecure, we have deliberately disabled it. If you have decided to use such a powerful tool as a certificate, please find a way to exchange it securely and do not compromise the idea.