[Cialug] Complete C source online

[Morris Dovey]

On 7/24/13 2:19 PM, Zachary Kotlarek wrote:
>
> On Jul 24, 2013, at 11:14 AM, Morris Dovey <mrdovey at iedu.com> wrote:
>
>> Hacker Alert!
>> I’ve just posted C source for code to provide what I think is fairly robust privacy for computer files at http://www.iedu.com/Documents/Privacy - As shown, the code provides 1024-bit privacy keys which can be increased to whatever level anyone might want.
>> For reference, the US government considers 256-bit keys adequate for sensitive information.
>
>
> I would not recommend the sort of key generation you propose in those documents. The best keys are evenly distributed across the entire key space; the ones you generate with the described method will have significantly less entropy than truly random keys, and will provide effective key lengths quite a bit smaller than the actual key length.
>
> Many (I'd even venture "most") modern motherboards and/or CPUs now have access to genuinely random data (quantum-driven thermal noise, for example) that can be used to create much better keys, and even without genuinely random data there are better techniques available for key generation.


Mostly true. I considered the gettimeofday() and similar options, and 
tossed em out because of cross-platform inadequacies.

It’s always possible to put Humpty-Dumpty together again, but it does 
make a practical difference whether he simply fell off the wall or was 
reduced to molecule-sized pieces with a hammer.

I don’t have any interest in protecting state secrets - my intent is to 
make it unreasonable to snoop billions social network exchanges, 
e-mails, phone text messages, and SIM cards every day.

To that end, I’ll be happy to buy the next round of coffee (beer?) for 
anyone in the LUG who improves significantly on my Q&D code, and offers 
it up freely. :-)