> At most, I would think you'd only be able to collect a few bits. Agreed, I think using anything but the lowest bits would be dangerous. But most smartphones (especially ones with GPS sensors) have other sensors that would be better contributors of entropy, and aren't monitorable by any remote adversary: Acceleration, Orientation, Microphone, Camera, probably some others. You may also be able to get some bits from the Antenna and Wifi Signals Strengths as well.
But, most phone API's already provide a random number generator they say is cryptographically sound. Java's SecureRandom on Android, SecRandomCopyBytes on iOS, net.rim.device.api.crypto.RandomSource on Blackberry, System.Security.Cryptography.RNGCryptoServiceProvider on Windows, and CreateRandomL on Symbian. Is there a particular reason you distrust or can't use one of those? -tom _______________________________________________ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography