FUDforum
Fast Uncompromising Discussions. FUDforum will get your users talking.

Home » Imported messages » comp.lang.php » How to generate cryptographically-secure random big-integers?
Show: Today's Messages :: Polls :: Message Navigator
Return to the default flat view Create a new topic Submit Reply
Re: How to generate cryptographically-secure random big-integers? [message #170231 is a reply to message #170218] Wed, 20 October 2010 18:15 Go to previous messageGo to previous message
seeWebInstead is currently offline  seeWebInstead
Messages: 14
Registered: October 2010
Karma:
Junior Member
> From: Erwin Moller <Since_humans_read_this_I_am_spammed_too_m...@spamyourself.com>
> ... when you use /dev/random on Linux, it can use noise.

I tried it here on FreeBSD Unix, and indeed it does *something*. (I
haven't tested it for randomness myself.) I'd need to write a test
PHP script to determine whether it exists and is accessible from a
PHP script on the remote hosting services.

There doesn't seem to be any 'man' page for it, so I did Google
search, and found: http://en.wikipedia.org/wiki//dev/random#FreeBSD
"In 2004, Landon Curt Noll tested the FreeBSD 5.2.1 version of
/dev/random and found that it was not a cryptographically strong random
number generator because its output had multiple uniformity flaws
according to the Billion bit test. Similar flaws were found in the
Linux 2.4.21-20, Solaris 8 patch 108528-18, and Mac OS X 10.3.5
implementations of /dev/random."
That's not acceptable for my use.

The WikiPedia page links to a nice article describing the
million-bit tests that were performed, which mentions several
cryptographically-secure pseudo-random number generators, each of
which then begs the question how to generate a random seed. In fact
since I only need one (1) big integer on each system, and the seed
must be at least as large as the entire amount of random data I
need, and must itself be truly random, nevermind the PRNG that uses
the seed, just use the seed itself as the random big-integer I
need. So how do I generate a 210-digit truly-random seed??

The million-bit article also mentions one true random number
generator, namely 'LavaRnd'. Unfortunately LavaRnd requires
equipment to take a digital photo of a physically chaotic
apparatus, which is not feasible in pure PHP and not likely to be
supplied on all the PHP/MySQL hosting sites I'll be using.
[Message index]
 
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Previous Topic: Anyone here follows the mailing list php-general(at)lists(dot)php(dot)net?
Next Topic: Having trouble writing/copying/renaming file to sub-directory
Goto Forum:
  

-=] Back to Top [=-
[ Syndicate this forum (XML) ] [ RSS ]

Current Time: Tue Nov 26 14:28:49 GMT 2024

Total time taken to generate the page: 0.04902 seconds