comp.lang.ruby

Secure Random Number Generator

Dave King

3/13/2007 4:57:00 AM

Hi-
Is there a secure random number generator for Ruby that works on
Windows and Linux?

Thanks,
Dave

8 Answers

M. Edward (Ed) Borasky

3/13/2007 5:03:00 AM

0

Dave King wrote:
> Hi-
> Is there a secure random number generator for Ruby that works on
> Windows and Linux?
>
> Thanks,
> Dave
Remind me again how a random number generator can be insecure ...

--
M. Edward (Ed) Borasky, FBG, AB, PTA, PGS, MS, MNLP, NST, ACMC(P)
http://borasky-research.blo...

If God had meant for carrots to be eaten cooked, He would have given rabbits fire.


Gary Wright

3/13/2007 5:39:00 AM

0


On Mar 13, 2007, at 1:03 AM, M. Edward (Ed) Borasky wrote:

> Dave King wrote:
>> Hi-
>> Is there a secure random number generator for Ruby that works on
>> Windows and Linux?

I'm assuming he means sufficiently random for cryptographic purposes.
Some pseudo-random number generators don't meet that requirement.

The Ruby 1.9 source code for random says:

    This is based on trimmed version of MT19937. To get the original
    version, contact <http://www.math.keio.ac.jp/~matumoto/em....

The docs for Kernel#rand say

    Ruby currently uses a modified Mersenne Twister with a period of
    2**19937-1.

I'm not a crypto geek but I'm guessing that a Mersenne Twister algorithm
doesn't have sufficient entropy for crypto purposes.

As a proof of concept I whipped up this for MacOSX. It gets random data
from /dev/urandom, which based on the man page is a better source of
random data (Yarrow pseudo random number generator with entropy injected
by the MacOSX SecurityServer). I'm not claiming this is good for crypto
work either, just that it looks better than the Mersenne Twister. I think
this would work on Linux also since it has /dev/urandom. I got nothing
for Windows.

module Kernel
  # Return bytes from /dev/urandom.
  # With no arguments, urandom grabs four bytes and returns them as an
  # unsigned integer. With an integer argument, urandom returns a string
  # of that size filled with bytes from /dev/urandom.
  def urandom(size=nil)
    result = File.open('/dev/urandom') { |x| x.read(size || 4) }
    size && result || result.unpack("L").first
  end
end

Gary Wright
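
Added example, not part of the thread or any poster's code: a portable counterpart to the urandom helper in the post above, assuming Ruby's standard-library SecureRandom (which draws from the operating system's CSPRNG on Linux and Windows alike) instead of opening /dev/urandom. The helper names os_random, secure_int, modulo_bias and mt_stream are made up for illustration; secure_int uses rejection sampling so that turning raw bytes into a bounded integer does not skew the result.

```ruby
require 'securerandom'

# Added example; helper names are hypothetical. SecureRandom is Ruby's
# standard-library front end to the operating system's CSPRNG, so the same
# code runs on Linux, macOS and Windows.
OS_BYTES = SecureRandom.method(:random_bytes)

# Portable counterpart of the urandom helper in the post above: no argument
# gives four bytes as an unsigned integer, a size gives that many raw bytes.
def os_random(size = nil, source = OS_BYTES)
  bytes = source.call(size || 4)
  size ? bytes : bytes.unpack('L').first
end

# Uniform integer in 0...n by rejection sampling: draw just enough bits to
# cover n - 1 and retry whenever the draw lands at or above n.
def secure_int(n, source = OS_BYTES)
  raise ArgumentError, 'n must be a positive Integer' unless n.is_a?(Integer) && n > 0
  bits = (n - 1).bit_length
  return 0 if bits.zero?
  mask = (1 << bits) - 1
  loop do
    raw = source.call((bits + 7) / 8).unpack('C*').inject(0) { |acc, b| (acc << 8) | b }
    value = raw & mask
    return value if value < n
  end
end

# Why not simply `byte % n`? Count how often each result appears when every
# possible byte value 0..255 is reduced modulo n.
def modulo_bias(n)
  counts = Array.new(n, 0)
  256.times { |byte| counts[byte % n] += 1 }
  counts
end

# The Mersenne Twister behind Kernel#rand replays its whole stream from the seed.
def mt_stream(seed, count = 4)
  prng = Random.new(seed)
  Array.new(count) { prng.rand(2**32) }
end

if __FILE__ == $PROGRAM_NAME
  puts "modulo bias for n=6: #{modulo_bias(6).inspect}"
  puts "same seed, same stream: #{mt_stream(2007) == mt_stream(2007)}"
  puts "die roll from OS CSPRNG: #{secure_int(6) + 1}"
  puts "32-bit value: #{os_random}, 16 bytes: #{os_random(16).unpack('H*').first}"
end
```

For everyday use SecureRandom.random_number(n) already returns an unbiased integer in 0...n; secure_int only spells out the step that a raw byte source leaves to the caller.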




Ara.T.Howard

3/13/2007 5:50:00 AM

0

Husein Choroomi

3/13/2007 5:53:00 AM

0

http://raa.ruby-lang.org/search.rhtml?search=ran...

On 3/13/07, Dave King <dave@davewking.com> wrote:
> Hi-
> Is there a secure random number generator for Ruby that works on
> Windows and Linux?
>
> Thanks,
> Dave


--
Husein Choroomi,
CEO, CTO
Yucca Intelligence Development
http://www.Y...

We make the web a better place!

Bill Kelly

3/13/2007 6:05:00 AM

0

From: <ara.t.howard@noaa.gov>
> On Tue, 13 Mar 2007, Gary Wright wrote:
>
>> I got nothing for Windows.
>
> don't you just have to run any 'ol code to get random numbers on windows? ;-)

:D

I would propose installing registry-access-hooks to monitor and
generate random bits from all the trojan horses continually rewriting
dozens of registry keys per second to ensure they can't be deleted.


Regards,

Bill (who found a very, very tenacious trojan on his win xp box recently)
(check your windows/system32 folder for a hidden file called pmnnl.dll)




Joel VanderWerf

3/13/2007 8:14:00 AM

0

Dave King wrote:
> Hi-
> Is there a secure random number generator for Ruby that works on
> Windows and Linux?

Is ISAAC[1] secure enough for you?

I think Kirk Haines posted his implementation somewhere. (I've got one
too, but I never released it.)

[1] http://www.burtleburtle.net/bob/rand/...

--
vjoel : Joel VanderWerf : path berkeley edu : 510 665 3407

khaines

3/14/2007 1:52:00 AM

0

Dave King

3/14/2007 4:29:00 AM

0

Yeah I looked at that, I was actually having trouble getting the setup.rb
script to run in Windows. It's fine for me to copy it over but I was
going to use it in an article and didn't want to have to explain how to
manually install it. Then again it could just be my laptop, I'll try it
on another computer tomorrow. Also, I noticed you said you were working
on better seeding for Windows, does the current seeding affect the
randomness much?

Thanks,
Dave

khaines@enigo.com wrote:
> On Tue, 13 Mar 2007, Joel VanderWerf wrote:
>
>> Dave King wrote:
>>> Hi-
>>> Is there a secure random number generator for Ruby that works on
>>> Windows and Linux?
>>
>> Is ISAAC[1] secure enough for you?
>>
>> I think Kirk Haines posted his implementation somewhere. (I've got
>> one too, but I never released it.)
>
> Crypt::ISAAC. I have a small update to it (that includes a pure C
> implementation that someone else donated) that I will try to get
> uploaded. May not get it done until after the MountainWest Rubyconf,
> though.
>
>
> Kirk Haines