| Re: How to generate cryptographically-secure random big-integers? [message #170216 is a reply to message #170215] |
Wed, 20 October 2010 09:36   |
The Natural Philosoph
Messages: 993
Registered: September 2010
Karma:
|
Senior Member |
|
|
Álvaro G. Vicario wrote:
> El 20/10/2010 8:57, Robert Maas, http://tinyurl.com/uh3t escribió/wrote:
>> I need to generate a random integer uniformly distributed from 0 to
>> 165704257009980305087908956205223296585688096305918417966291411066008093135 190411324365527113804568013399264982255120906812142560021321323875432044092 494966970218269418334085525290028472777766273110227504712320
>>
>> The following code:
>> srand(time());
>
> You only need to set a seed for PHP versions older than 4.2.0.
>
>> $random = (rand()%9); ...etc...
>
> As soon as you start using rand() you realize that its output is far
> from random:
>
> http://www.boallen.com/random-numbers.html
>
> I've found mt_rand() quite more appropriate.
>
>
>> :is no good because time returns 1287555603 currently, and it would
>> be relatively easy for somebody who has access to my source code to
>> try all possible values for the time seed, a 10-digit integer, and
>> thus crack my cryptosystem. I'm doing personal research to try to
>> find something that is truly random for two hundred and ten
>> independently random cryptographically secure digits. My current
>> idea is to call the microsecond-time function a moderately large
>> number of times in succession, subtract adacent values (result
>> usually 4, often 5, rarely any other value), build a Markovian
>> model for the sequence, and then apply interval refinement directly
>> to the interval where I want the value until the length of the
>> interval is small enough to specify a single integer. But before I
>> go to a lot of effort to develop this idea, maybe one of you has an
>> idea for some method somebody else already did that I could use
>> instead?
>
> The rest of your message involve mathematical issues that go beyond my
> reach, sorry <:-) However, why exactly are you building your own
> cryptosystem when there're so many libraries out there?
>
>
security by obscurity?
with A->D converters so cheap, why not build a dongle and sample thermal
noise? from some bit of semiconductor..
Nice product there. USB random sequence generator...
>
>
|
|
|
|
Calendar
Search
Help
Members
Register
Login
Home
]