Picking a random file for a Xenon key
March 11, 2012
Guidelines
- The key should be long, and the random file should be twice as long as the key. 1MB is a good key size for sending text messages, so a 2MB random file would be useful.
- Use a temporary random file that you will not remember how to obtain and that you can delete after the key is created. A good way to do this is to copy a random section out of an existing binary file.
- Do not use a file "as is" for the random file, so that an attacker cannot attempt to recreate your key. Open the file in Notepad and delete, add, or move around random sections. Be sure the changes cover a significant area of the file.
- MP3 files work pretty well as a source of random data, but to use them you should get rid of the header and footer for extra security. Using Notepad or something similar, get rid of the first 1/4 and last 1/4 of the MP3 file and use the remainder as your random file.
- Using recorded sound may work, but be mindful of the format: if it is raw, it is likely to have obvious patterns (such as from the electric field of the PC).
- Images (photos) may work pretty well if the header and footer are similarly removed.
- ZIP files will work.
- Cutting and pasting middle sections from multiple files would be effective.
- Text files are not advised, but this is random so use what you want.
- Word documents (docx) are in fact a ZIP container, so they may be useful. The old format (doc), though, is not as random.
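
One way to check a candidate file for the obvious patterns mentioned above, as an added example (not part of the original post or of Xenon): it drops the first and last quarter, then reports the byte entropy of the remainder and of its weakest 4 KB window. The function names, the 7.5 bits/byte cut-off and the sample inputs are assumptions made for illustration; a high score only rules out visible byte-level patterns.

```python
import math
import random
import zlib
from collections import Counter

def middle_half(data: bytes) -> bytes:
    """Drop the first and last quarter, as the MP3 guideline suggests."""
    q = len(data) // 4
    return data[q:len(data) - q]

def byte_entropy(data: bytes) -> float:
    """Shannon entropy of the byte histogram, in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def weakest_window(data: bytes, window: int = 4096) -> float:
    """Lowest entropy over fixed-size windows, so one patterned region
    is not averaged away by the rest of the file."""
    starts = range(0, len(data) - window + 1, window)
    scores = [byte_entropy(data[i:i + window]) for i in starts]
    return min(scores) if scores else byte_entropy(data)

def assess(data: bytes, threshold: float = 7.5) -> dict:
    """Score the middle half of a candidate; threshold is an assumed cut-off."""
    body = middle_half(data)
    worst = weakest_window(body)
    return {"overall": round(byte_entropy(body), 3),
            "weakest_window": round(worst, 3),
            "ok": worst >= threshold}

def constructed_samples() -> dict:
    """Constructed inputs: letters-and-spaces text, and the same text deflated."""
    rng = random.Random(0)
    text = bytes(rng.choices(b"abcdefghijklmnopqrstuvwxyz ", k=200_000))
    return {"text": text, "deflated": zlib.compress(text, 9)}

if __name__ == "__main__":
    for name, data in constructed_samples().items():
        print(name, assess(data))
```

To score a real candidate, pass the file's bytes to `assess()`, for example `assess(open(path, "rb").read())`.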