FUDforum
Fast Uncompromising Discussions. FUDforum will get your users talking.

Home » Imported messages » comp.lang.php » How to generate cryptographically-secure random big-integers?
Show: Today's Messages :: Polls :: Message Navigator
Return to the default flat view Create a new topic Submit Reply
Re: How to generate cryptographically-secure random big-integers? [message #170234 is a reply to message #170232] Thu, 21 October 2010 06:58 Go to previous messageGo to previous message
seeWebInstead is currently offline  seeWebInstead
Messages: 14
Registered: October 2010
Karma:
Junior Member
>> There doesn't seem to be any 'man' page for it,
> From: Luuk <L...@invalid.lan>
> man 4 random

Ah. Just "man random" gave the C library function, at which point I
gave up. Thanks, indeed specifying the chapter number as 4 gives
what I wanted. Unfortuately, since /dev/random has been shown to
not be cryptographically secure, and besides it relies on a shared
resource, hence *could* be spied-upon to see the state just before
or after I use it, I'll avoid it.

BTW: A few minutes ago, using PHP interactive mode, I finished
writing toplevel code (about 43 lines) to:
- Sample the PHP system microsecond time several hundred times and
store the values in an array.
- Compute the array of differences between consecutive values.
- Tally the totals of each different time-diff as an associative array.
- Generate the running totals starting from 0 past each time-diff.
- Use interval refinement to narrow the overall interval down to
narrower and narrower intervals per each successive (backwards)
sample until there's only one integer remaining in the interval.
(I use the time-difference samples backwards because the very first
of the time differences is usually anomalously large, presumably
because that's when it needs to swap in all the pages of
software into the cache, or when it compiles the script, or whatever.
Hence that first sample isn't as random as the rest.)

Note: Interval refinement here uses the zero-order model, ignoring
correlation between adjacent samples. Since each set of
system-clock samples (each run of this algorithm) has a different
histogram, the cut points for interval refinement will be different
each time, and as a result the global expectation to an outsider is
that the whole interval will be nearly uniformly covered, even if
any single run is biassed. So for my immediate purposes, this
should be good enough.

So next I need to break the pieces of code into function
definitions with meaningful names and nice interfaces, including a
toplevel function to do the whole job in one call, and store all
the functions in a library file, and finally incorporate a call to
the toplevel function from the bootstrap script that is run from a
HTML form.
[Message index]
 
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Previous Topic: Anyone here follows the mailing list php-general(at)lists(dot)php(dot)net?
Next Topic: Having trouble writing/copying/renaming file to sub-directory
Goto Forum:
  

-=] Back to Top [=-
[ Syndicate this forum (XML) ] [ RSS ]

Current Time: Sun Nov 24 22:42:56 GMT 2024

Total time taken to generate the page: 0.04332 seconds