One thing I noticed looking through the code is that the key generation on Windows mixes a CRC32 of a MOUSEHOOKSTRUCT. If you look at it, there isn't a huge amount of entropy in there... Some fields, such as the window handle, don't change between callbacks. Others, such as the hit test code, are enums with limited possible values, and the way that most people move the mouse around will return the exact same value all the time. The difference in time between two different values is run through CRC32 a few times and then the whole thing is run through a real hash. Most users don't bother adding entropy from the keyboard.
While I don't think any of this is a vulnerability, I think it could be better.
[edit: I'm talking about Common/Random.c in 7.1a. And by better I'm suggesting additional sources of entropy be included in the process]
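A small illustration of the point made above, added here and not part of the original post or of TrueCrypt's Common/Random.c: it packs a MOUSEHOOKSTRUCT (32-bit layout assumed), runs the per-callback CRC32 step over a constructed mouse path, and reports which struct fields ever vary and the resulting bound on how much entropy the CRC32 outputs can carry.

```python
import math
import random
import struct
import zlib

# Win32 MOUSEHOOKSTRUCT as laid out in a 32-bit build (assumption):
# POINT pt {LONG x, LONG y}, HWND hwnd, UINT wHitTestCode, ULONG_PTR dwExtraInfo.
MOUSEHOOKSTRUCT = struct.Struct("<iiIII")
FIELDS = ("x", "y", "hwnd", "hit_test", "extra_info")
HTCLIENT = 1  # hit-test code returned while the cursor is over a window's client area

def pack_event(x, y, hwnd, hit_test, extra_info):
    """Serialise one hook callback argument as the hook would see it in memory."""
    return MOUSEHOOKSTRUCT.pack(x, y, hwnd, hit_test, extra_info)

def crc32_of_event(raw):
    """The mixing step the post describes: a CRC32 over the whole struct."""
    return zlib.crc32(raw) & 0xFFFFFFFF

def constructed_events(n=2000, seed=7):
    """Constructed sample, not captured data: the cursor wanders in small steps
    over one window's client area, so hwnd, hit-test and extra-info never change."""
    rng = random.Random(seed)
    x, y, events = 640, 480, []
    for _ in range(n):
        x += rng.randint(-4, 4)
        y += rng.randint(-4, 4)
        events.append(pack_event(x, y, 0x000A0B0C, HTCLIENT, 0))
    return events

def field_distinct_values(events):
    """Number of distinct values each struct field takes across the sample;
    a field with a single value contributes nothing to the CRC32 input."""
    columns = zip(*(MOUSEHOOKSTRUCT.unpack(e) for e in events))
    return dict(zip(FIELDS, (len(set(col)) for col in columns)))

def entropy_bound_bits(events):
    """(distinct inputs, distinct CRC32 outputs, log2 of distinct inputs).
    CRC32 is deterministic, so it cannot yield more distinct outputs than it is
    given distinct inputs, and log2 of that count bounds the entropy of the sample."""
    distinct_inputs = len(set(events))
    distinct_outputs = len({crc32_of_event(e) for e in events})
    return distinct_inputs, distinct_outputs, math.log2(distinct_inputs)

if __name__ == "__main__":
    evts = constructed_events()
    print(field_distinct_values(evts))   # only x and y exceed 1
    print(entropy_bound_bits(evts))
```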