[Cialug] Complete C source online
Zachary Kotlarek
zach at kotlarek.com
Wed Jul 24 15:23:14 CDT 2013
On Jul 24, 2013, at 12:58 PM, Morris Dovey <mrdovey at iedu.com> wrote:
> It’s always possible to put Humpty-Dumpty together again, but it does make a practical difference whether he simply fell off the wall or was reduced to molecule-sized pieces with a hammer.
What I'm suggesting that you needn't start with Humpty-Dumpty in the first place, so there's nothing to reassemble.
> I don’t have any interest in protecting state secrets - my intent is to make it unreasonable to snoop billions social network exchanges, e-mails, phone text messages, and SIM cards every day.
Then you care about how your keys are generated. At the very least you need to come up with some estimate of their entropy so you know how long to make them to actually protect you against snooping. Running 8192-bit encryption against a key with 9 bits of entropy is not going to provide you protection against anything.
> To that end, I’ll be happy to buy the next round of coffee (beer?) for anyone in the LUG who improves significantly on my Q&D code, and offers it up freely. :-)
On anything that supports the RdRand instruction it's as simple as including this library and asking the CPU for a random number:
http://software.intel.com/en-us/articles/user-manual-for-the-rdrand-library-linux-version
uint64_t key;
if (rdrand_64(&key, 1) != RDRAND_SUCCESS) {
// Not enough entropy or RdRand not available on this CPU
exit(-1);
}
Beyond that there are a number of random number generation techniques available, but even data from /dev/random would typically be a better source than scrambling low-entropy data (like an image file). On many systems /dev/random is a pretty decent source of randomness, and you can ask it how random it thinks by reading /proc/sys/kernel/random/entropy_avail.
Zach
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 2746 bytes
Desc: not available
URL: <http://cialug.org/pipermail/cialug/attachments/20130724/15bb9f57/attachment.bin>
More information about the Cialug
mailing list