Re: How to generate cryptographically-secure random big-integers? [message #170221 is a reply to message #170218]
Wed, 20 October 2010 10:10
The Natural Philosoph
Erwin Moller wrote:
> On 10/20/2010 11:36 AM, The Natural Philosopher wrote:
>> Álvaro G. Vicario wrote:
>>> El 20/10/2010 8:57, Robert Maas, http://tinyurl.com/uh3t escribió/wrote:
>>>> I need to generate a random integer uniformly distributed from 0 to
>>>> 165704257009980305087908956205223296585688096305918417966291411066008093135 190411324365527113804568013399264982255120906812142560021321323875432044092 494966970218269418334085525290028472777766273110227504712320
>>>>
>>>>
>>>> The following code:
>>>> srand(time());
>>>
>>> You only need to set a seed for PHP versions older than 4.2.0.
>>>
>>>> $random = (rand()%9); ...etc...
>>>
>>> As soon as you start using rand() you realize that its output is far
>>> from random:
>>>
>>> http://www.boallen.com/random-numbers.html
>>>
>>> I've found mt_rand() quite more appropriate.
>>>
>>>
>>>> :is no good because time returns 1287555603 currently, and it would
>>>> be relatively easy for somebody who has access to my source code to
>>>> try all possible values for the time seed, a 10-digit integer, and
>>>> thus crack my cryptosystem. I'm doing personal research to try to
>>>> find something that is truly random for two hundred and ten
>>>> independently random cryptographically secure digits. My current
>>>> idea is to call the microsecond-time function a moderately large
>>>> number of times in succession, subtract adjacent values (result
>>>> usually 4, often 5, rarely any other value), build a Markovian
>>>> model for the sequence, and then apply interval refinement directly
>>>> to the interval where I want the value until the length of the
>>>> interval is small enough to specify a single integer. But before I
>>>> go to a lot of effort to develop this idea, maybe one of you has an
>>>> idea for some method somebody else already did that I could use
>>>> instead?
>>>
>>> The rest of your message involves mathematical issues that go beyond my
>>> reach, sorry <:-) However, why exactly are you building your own
>>> cryptosystem when there're so many libraries out there?
>>>
>>>
>> security by obscurity?
>>
>> with A->D converters so cheap, why not build a dongle and sample thermal
>> noise? from some bit of semiconductor..
>
> Already exists: when you use /dev/random on Linux, it can use noise.
> (See link in my other reply)
> :-)
Yup. Another damned useful factoid archived in grey matter.
Why is it always the same half dozen posters who always come up with
'wow, I wish I had known that' or 'that really is well thought out and
elegant' etc..
as opposed to certain regulars who never seem to say anything worth
reading..;-)
>
> Regards,
> Erwin Moller
>
>
>>
>> Nice product there. USB random sequence generator...
>>>
>>>
>
>
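Added example, not part of the original thread or any poster's code: one way to draw an integer uniformly from 0 to the 210-digit bound in the question, taking bytes from the operating system's random source via random_bytes() and using rejection sampling instead of rand() % n. It assumes PHP 7+ with the GMP extension; the function name secure_random_upto is hypothetical.

```php
<?php
// Added example. Assumes PHP 7+ (random_bytes, intdiv) and the GMP extension.

/**
 * Return a GMP integer uniformly distributed in [0, $max] (inclusive),
 * drawing all randomness from the operating system CSPRNG.
 */
function secure_random_upto(\GMP $max): \GMP
{
    if (gmp_sign($max) < 0) {
        throw new InvalidArgumentException('max must be non-negative');
    }
    if (gmp_sign($max) === 0) {
        return gmp_init(0);
    }

    // Number of bits needed to represent $max, rounded up to whole bytes.
    $bits  = strlen(gmp_strval($max, 2));
    $bytes = intdiv($bits + 7, 8);
    // Mask that clears the unused high bits of the first byte, so every
    // candidate is uniform over [0, 2^bits - 1].
    $topMask = 0xFF >> ($bytes * 8 - $bits);

    // Rejection sampling: discard candidates above $max rather than
    // reducing them with %, which would favour the low values.
    // On average fewer than two draws are needed.
    do {
        $raw    = random_bytes($bytes);
        $raw[0] = chr(ord($raw[0]) & $topMask);
        $candidate = gmp_import($raw, 1, GMP_MSW_FIRST | GMP_BIG_ENDIAN);
    } while (gmp_cmp($candidate, $max) > 0);

    return $candidate;
}

// The 210-digit upper bound quoted in the original question.
$max = gmp_init(
    '165704257009980305087908956205223296585688096305918417966291411066008093135' .
    '190411324365527113804568013399264982255120906812142560021321323875432044092' .
    '494966970218269418334085525290028472777766273110227504712320'
);

$n = secure_random_upto($max);
echo gmp_strval($n), PHP_EOL;
```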