Re: rand() and srand() broken?
  • Subject: Re: rand() and srand() broken?
  • From: Derek Gaston <email@hidden>
  • Date: Wed, 25 Nov 2009 12:12:56 -0700

On Nov 25, 2009, at 11:56 AM, Terry Lambert wrote:

> Your requirements sound like a sequence-offset restartable CSPRNG for use in a block cipher for use in whole-device or file/block-level encryption for a mass storage device.
>
> You will need to carry around your own CSPRNG code for this, as system-supplied PRNGs are generally not CSPRNGs, and their implementation can (and does) change.
>
> Such things generally generate their nonce (the initial seed value) from a passphrase or cryptographically generated key block stored some place like a USB key fob.
>
> The way you are trying to go about this is very guessable and not at all secure; I merely need to feed in monotonically increasing integers until I get a matching output value, and then monotonically increase my input for each subsequent value in order to decode your ciphertext. A high school student could break your message in under an hour, and under 5 minutes if it were using in-band metadata for structured contents (e.g. an RFC-822 email message).

Ah - I should have specified that this application has nothing (at all) to do with cryptography. In case people are interested... this is an engineering simulation application. We just need to generate random input into it (but like I said... on a grand scale... and with the ability to both get the same numbers back at points.... AND change the numbers throughout the simulation at specific times). The strength of the random numbers matters little.


Also... the portability doesn't matter... in that we're not worried about getting different numbers on different machines... as long as every machine spews numbers throughout the range we want.

Derek
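The two requirements in this exchange, a generator whose sequence is the same on every machine and can be restarted at a given point or reseeded at a given time, and Terry's observation that a small integer seed is recoverable by simply counting upward, can both be shown with a few lines of C. The following is an added example and is not code from this thread or from Darwin; the `sim_rng` type, the `nth_output`, `nth_output_seek` and `recover_small_seed` functions and the seed values are all assumed for illustration. The step function is the published splitmix64 mixer (a public-domain algorithm), chosen because its entire state is one 64-bit word: a checkpoint is a struct copy and seeking to output number n is a single multiply-add, which is exactly the "get the same numbers back at points" behaviour described above. It is a plain PRNG, not a CSPRNG, and must not be used for keys, nonces or ciphers.

```c
#include <stdint.h>
#include <stdio.h>

/* Added example (not code from the thread). A self-contained, restartable
 * generator for simulation input built on the splitmix64 mixer. Unlike
 * rand()/srand(), whose algorithm and RAND_MAX differ between libcs, this
 * produces the identical sequence on every machine for a given seed.
 * NOT a CSPRNG: do not use it for anything cryptographic. */

#define SIM_GAMMA 0x9E3779B97F4A7C15ULL

typedef struct {
    uint64_t seed;   /* seed this sequence was started from */
    uint64_t state;  /* advances by SIM_GAMMA per output    */
} sim_rng;

static void sim_rng_seed(sim_rng *r, uint64_t seed) {
    r->seed = seed;
    r->state = seed;
}

/* Restart the same sequence at output index n (0-based) without replaying:
 * after n outputs the state is seed + n*SIM_GAMMA (mod 2^64 by design). */
static void sim_rng_seek(sim_rng *r, uint64_t n) {
    r->state = r->seed + n * SIM_GAMMA;
}

static uint64_t sim_rng_next(sim_rng *r) {
    uint64_t z = (r->state += SIM_GAMMA);
    z = (z ^ (z >> 30)) * 0xBF58476D1CE4E5B9ULL;
    z = (z ^ (z >> 27)) * 0x94D049BB133111EBULL;
    return z ^ (z >> 31);
}

/* Uniform double in [0,1) from the top 53 bits; portable, unlike rand()/RAND_MAX. */
static double sim_rng_unit(sim_rng *r) {
    return (double)(sim_rng_next(r) >> 11) * (1.0 / 9007199254740992.0);
}

/* Output number n (0-based) of the sequence started from `seed`, by stepping. */
uint64_t nth_output(uint64_t seed, uint64_t n) {
    sim_rng r;
    sim_rng_seed(&r, seed);
    for (uint64_t i = 0; i < n; i++) (void)sim_rng_next(&r);
    return sim_rng_next(&r);
}

/* The same value obtained by seeking: the "same numbers back at a point" feature. */
uint64_t nth_output_seek(uint64_t seed, uint64_t n) {
    sim_rng r;
    sim_rng_seed(&r, seed);
    sim_rng_seek(&r, n);
    return sim_rng_next(&r);
}

/* Terry's attack made concrete: if the seed is a small integer (a counter,
 * a PID, time(NULL)), feed candidate seeds in increasing order until the
 * first output matches. Returns the seed, or -1 if none below max_seed.
 * Fine for a simulation, which is why the strength does not matter there;
 * fatal for anything that has to keep the sequence secret. */
int64_t recover_small_seed(uint64_t first_output, uint64_t max_seed) {
    for (uint64_t s = 0; s < max_seed; s++) {
        if (nth_output(s, 0) == first_output) return (int64_t)s;
    }
    return -1;
}

int main(void) {
    sim_rng r;
    sim_rng_seed(&r, 2009);                      /* assumed seed */
    printf("first three unit values from seed 2009:\n");
    for (int i = 0; i < 3; i++) printf("  %.6f\n", sim_rng_unit(&r));

    /* Checkpoint at output 1000, run on, then restore and replay. */
    sim_rng_seek(&r, 1000);
    sim_rng checkpoint = r;
    uint64_t a = sim_rng_next(&r);
    r = checkpoint;
    uint64_t b = sim_rng_next(&r);
    printf("replay from checkpoint matches: %s\n", a == b ? "yes" : "no");

    /* "Change the numbers at a specific time": reseed at that step. */
    sim_rng_seed(&r, 2010);

    /* Why a small seed is not a secret: recover it from a single output. */
    uint64_t leaked = nth_output(12345, 0);
    printf("recovered seed: %lld\n", (long long)recover_small_seed(leaked, 1u << 20));
    return 0;
}
```

Because the mixer and the `seed + SIM_GAMMA` step are both bijections on 64-bit words, distinct seeds always give distinct first outputs, so `recover_small_seed` returns exactly the seed that was used whenever it lies below the search limit. For a simulation that is harmless; for the encryption use case Terry assumed, it is the whole break.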
Darwin-dev mailing list      (email@hidden)
References:
  • rand() and srand() broken? (From: Derek Gaston <email@hidden>)
  • Re: rand() and srand() broken? (From: Jason Foreman <email@hidden>)
  • Re: rand() and srand() broken? (From: Derek Gaston <email@hidden>)