My program connects to a server, the public key of the server is already known. The program then encrypts a AES key together with an initialization vector, and sends it to the server. The server decrypts the message and from now on AES is used to encrypt the conversation.

My question is about how to generate the IV. If I go the naive way and seed a pseudo random generator with the current time, an attacker could probably make a few very good guesses about the IV, which is of curse not what I want.

As hardware random generators are not only slow, but also not available everywhere, I’d like to go for a different approach. When the client program is first started, I let the user make a few random mouse moves, just like TrueCrypt does. I now save those “random bits” created by the mouse movement and when I need a generator, I’ll use them as a seed. Of course, the random bits have to get updated every time I use them as seed. And this is my question: I thought about just saving the first few random bits generated as the new “random bits”. (So they get used to initialize the random engine next time the software starts.) Now I’m not sure if this would be random enough or if pseudo random generators would show guessable patterns here. (I’d probably use std::mt19937 http://en.cppreference.com/w/cpp/numeric/random)

Edit: The chaining mode changes, so I want it to work for the mode with the “highest” requirements. Which would be CBC if I remember correctly.

Please note: The software I’m writing is purely experimental.