FUDforum
Fast Uncompromising Discussions. FUDforum will get your users talking.

Home » Imported messages » comp.lang.php » How to generate cryptographically-secure random big-integers?
Show: Today's Messages :: Polls :: Message Navigator
Return to the default flat view Create a new topic Submit Reply
Re: How to generate cryptographically-secure random big-integers? [message #170218 is a reply to message #170216] Wed, 20 October 2010 09:53 Go to previous messageGo to previous message
Erwin Moller is currently offline  Erwin Moller
Messages: 228
Registered: September 2010
Karma:
Senior Member
On 10/20/2010 11:36 AM, The Natural Philosopher wrote:
> Álvaro G. Vicario wrote:
>> El 20/10/2010 8:57, Robert Maas, http://tinyurl.com/uh3t escribió/wrote:
>>> I need to generate a random integer uniformly distributed from 0 to
>>> 165704257009980305087908956205223296585688096305918417966291411066008093135 190411324365527113804568013399264982255120906812142560021321323875432044092 494966970218269418334085525290028472777766273110227504712320
>>>
>>> The following code:
>>> srand(time());
>>
>> You only need to set a seed for PHP versions older than 4.2.0.
>>
>>> $random = (rand()%9); ...etc...
>>
>> As soon as you start using rand() you realize that its output is far
>> from random:
>>
>> http://www.boallen.com/random-numbers.html
>>
>> I've found mt_rand() quite more appropriate.
>>
>>
>>> :is no good because time returns 1287555603 currently, and it would
>>> be relatively easy for somebody who has access to my source code to
>>> try all possible values for the time seed, a 10-digit integer, and
>>> thus crack my cryptosystem. I'm doing personal research to try to
>>> find something that is truly random for two hundred and ten
>>> independently random cryptographically secure digits. My current
>>> idea is to call the microsecond-time function a moderately large
>>> number of times in succession, subtract adacent values (result
>>> usually 4, often 5, rarely any other value), build a Markovian
>>> model for the sequence, and then apply interval refinement directly
>>> to the interval where I want the value until the length of the
>>> interval is small enough to specify a single integer. But before I
>>> go to a lot of effort to develop this idea, maybe one of you has an
>>> idea for some method somebody else already did that I could use
>>> instead?
>>
>> The rest of your message involve mathematical issues that go beyond my
>> reach, sorry <:-) However, why exactly are you building your own
>> cryptosystem when there're so many libraries out there?
>>
>>
> security by obscurity?
>
> with A->D converters so cheap, why not build a dongle and sample thermal
> noise? from some bit of semiconductor..

Already exists: when you use /dev/random on Linux, it can use noise.
(See link in my other reply)
:-)

Regards,
Erwin Moller


>
> Nice product there. USB random sequence generator...
>>
>>


--
"There are two ways of constructing a software design: One way is to
make it so simple that there are obviously no deficiencies, and the
other way is to make it so complicated that there are no obvious
deficiencies. The first method is far more difficult."
-- C.A.R. Hoare
[Message index]
 
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Previous Topic: Anyone here follows the mailing list php-general(at)lists(dot)php(dot)net?
Next Topic: Having trouble writing/copying/renaming file to sub-directory
Goto Forum:
  

-=] Back to Top [=-
[ Syndicate this forum (XML) ] [ RSS ]

Current Time: Tue Nov 26 12:29:57 GMT 2024

Total time taken to generate the page: 0.05976 seconds