In many cryptosystems incorporating human beings, the users' limited memories and their indifference to keeping the systems secure may cause some severe vulnerability of the whole systems. Thus we need more studies on personal entropy, from an information theoretical point of view, to capture the characteristics of human beings as special information sources for cryptosystems. In this paper, we discuss and analyze the use of personal entropy for generating cryptographic keys. In such a case, it is crucially important to precisely evaluate the amount of personal entropy that indicates the actual key length. We propose an advanced key generation scheme based on the conventional graphical passwords proposed in [12]. We improve them to make the most of the secret information extracted in one drawing, i.e., we incorporate the on-line pen pressure and pen inclination information in addition to utilize more secret information. We call the scheme dynamic graphical passwords, and propose a practical construction of them. We also show a precise way of quantifying their entropy, and finally, as an experimental result, we can generate a key of over 110-bit long, using the data of a single drawing. When quantifying their entropy, we need to precisely evaluate the entropy of graphical passwords as well as that of the on-line information of pen movements. We need to precisely evaluate the entropy of graphical passwords by considering the users' biased choices of their graphical passwords. It is expected that they tend to choose their passwords that are memorable as easily as possible, thus we quantify the burden of memorizing each graphical password by the length of its description using a special language based on [12]. We improve the approach in [12] by more directly reflecting how easily each graphical password can be memorized.

Peer-to-peer (P2P) networks have attracted increasing attention in the distribution of large-volume and frequently accessed content. In this paper, we mainly consider the problem of key leakage in secure P2P content distribution. In secure content distribution, content is encrypted so that only legitimate users can access the content. Usually, users (peers) cannot be fully trusted in a P2P network because malicious ones might leak their decryption keys. If the redistribution of decryption keys occurs, copyright holders may incur great losses caused by free riders who access content without purchasing it. To decrease the damage caused by the key leakage, the individualization of encrypted content is necessary. The individualization means that a different (set of) decryption key(s) is required for each user to access content. In this paper, we propose a P2P content distribution scheme resilient to the key leakage that achieves the individualization of encrypted content. We show the feasibility of our scheme by conducting a large-scale P2P experiment in a real network.