Re: [OT] What kind of data is is returned by 'new' ?

  • Subject: Re: [OT] What kind of data is is returned by 'new' ?
  • From: Chris Page <email@hidden>
  • Date: Sun, 10 Jul 2005 04:29:50 -0700

On Jul 10, 2005, at 4:08 AM, Dirk Stegemann wrote:

> On the other hand, though the quality of such "randomized" memory may not prove best, for my program it seems far better to use data that isn't as reliably random as other well-known high-quality random sources can provide than using such sources by accessing public APIs. My application does read and write data from and to memory very frequently, and sometimes treating e.g. a 128-byte allocated non-initialised buffer as a 1024-bit value might seem far less obvious to an adversary who was just breaking for my random() calls, I guess.

If someone can use a debugger to break on your call to random(), all bets are off. They can examine your code, intercept calls, modify memory, and inject code. And if they can do that, they've either got your privileges or root, and you have worse problems than them trying to modify your running program.


Unless you're a crypto expert, I strongly advise you to use random(). Also, read up on using srandomdev() to seed random(). Anything else is almost certainly less secure. Most people aren't experts on "randomness", and many things that most people consider "random" aren't, or aren't sufficiently so.

I am not a crypto expert, but I know enough to know better than to try to use unproven and risky means to acquire entropy. Stick with random() coupled with srandomdev() for high-quality seeding.

In fact, my man page for random() mentions arc4random(), which seems like another good choice.

--
Chris Page - Software Wrangler - Dylan Pundit

  Open Source Dylan Compilers: <http://www.gwydiondylan.org/>
  Dylan Blogging: <http://homepage.mac.com/chrispage/iblog/>
  Dylan Stuff: <http://www.cafepress.com/chrispage>
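
An added example, not part of the original message or of any code posted to the list: it fills the 128-byte buffer discussed above with arc4random_buf() and compares it with a constructed stand-in for a recycled heap block. The function names, the sample bytes and the /dev/urandom fallback for systems without arc4random are assumptions made for the illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define KEY_LEN 128  /* the 128-byte (1024-bit) buffer from the quoted message */

/* Fill out[0..n) from the system generator. Returns 0 on success, -1 on failure. */
int fill_random(unsigned char *out, size_t n)
{
#if defined(__APPLE__) || defined(__FreeBSD__) || defined(__OpenBSD__) || defined(__NetBSD__)
    arc4random_buf(out, n);            /* needs no seeding and cannot fail */
    return 0;
#else
    /* Assumption: arc4random is unavailable here, so read the kernel source. */
    FILE *f = fopen("/dev/urandom", "rb");
    if (f == NULL) return -1;
    size_t got = fread(out, 1, n, f);
    fclose(f);
    return got == n ? 0 : -1;
#endif
}

/* Occurrences of the most frequent byte value: a crude predictability check.
   A low count does not prove good randomness; a high count proves bad. */
size_t most_common_count(const unsigned char *buf, size_t n)
{
    size_t hist[256] = {0}, best = 0;
    for (size_t i = 0; i < n; i++)
        if (++hist[buf[i]] > best) best = hist[buf[i]];
    return best;
}

/* Constructed sample: zeros plus two pointer-like words, standing in for
   what an earlier allocation might leave behind in a reused block. */
void make_stale_sample(unsigned char *out)
{
    static const unsigned char p1[8] = {0xa0,0x40,0x20,0x1c,0x8a,0x7f,0x00,0x00};
    static const unsigned char p2[8] = {0x20,0x41,0x20,0x1c,0x8a,0x7f,0x00,0x00};
    memset(out, 0, KEY_LEN);
    memcpy(out, p1, sizeof p1);
    memcpy(out + 16, p2, sizeof p2);
}

int main(void)
{
    unsigned char stale[KEY_LEN], key[KEY_LEN];
    make_stale_sample(stale);
    if (fill_random(key, sizeof key) != 0) { perror("fill_random"); return 1; }
    printf("stale buffer: top byte %zu/%d\n", most_common_count(stale, KEY_LEN), KEY_LEN);
    printf("system RNG:   top byte %zu/%d\n", most_common_count(key, KEY_LEN), KEY_LEN);
    return 0;
}
```

In the constructed stale block a single byte value accounts for 116 of the 128 positions, so nearly all of the "1024-bit value" is known in advance without a debugger.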

