Secure Random Number Generator

Dave King

Hi-
Is there a secure random number generator for Ruby that works on
Windows and Linux?

Thanks,
Dave
 
M. Edward (Ed) Borasky

Dave said:
Hi-
Is there a secure random number generator for Ruby that works on
Windows and Linux?

Thanks,
Dave
Remind me again how a random number generator can be insecure ...
 
Gary Wright

I'm assuming he means sufficiently random for cryptographic purposes.
Some pseudo-random number generators don't meet that requirement.

The Ruby 1.9 source code for random says:

This is based on trimmed version of MT19937. To get the original version, contact <http://www.math.keio.ac.jp/~matumoto/emt.html>.

The docs for Kernel#rand say

Ruby currently uses a modified Mersenne Twister with a period of 2^19937 - 1.

I'm not a crypto geek but I'm guessing that a Mersenne Twister algorithm
doesn't have sufficient entropy for crypto purposes.

As a proof of concept I whipped up this for MacOSX. It gets random data from /dev/urandom, which based on the man page is a better source of random data (Yarrow pseudo random number generator with entropy injected by the MacOSX SecurityServer). I'm not claiming this is good for crypto work either, just that it looks better than the Mersenne Twister. I think this would work on Linux also since it has /dev/urandom. I got nothing for Windows.

module Kernel
  # Return bytes from /dev/urandom.
  # With no arguments, urandom grabs four bytes and returns them as an
  # unsigned integer. With an integer argument, urandom returns a string
  # of that size filled with bytes from /dev/urandom.
  def urandom(size=nil)
    result = File.open('/dev/urandom') { |x| x.read(size || 4) }
    size && result || result.unpack("L").first
  end
end

Gary Wright
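Dave asked for something that also runs on Windows, and the urandom() above hands back a raw 32-bit word that a caller still has to reduce into a range. The following is an added example, not code from the thread: it draws bytes from Ruby's standard SecureRandom (in the stdlib since 1.8.7, backed by the OS CSPRNG on Linux, macOS and Windows), shows exactly how skewed a plain `% limit` on that word is, and derives a uniform bounded integer by rejection sampling instead. The function names are mine.

```ruby
require 'securerandom'

WORD = 2**32  # number of values a 4-byte unpack("L") can produce

# Same idea as the thread's urandom(): one unsigned 32-bit integer, but
# sourced from SecureRandom so it works on Windows as well as /dev/urandom
# systems.
def secure_u32
  SecureRandom.random_bytes(4).unpack("L").first
end

# Naive reduction into 0...limit. Not uniform: 2**32 inputs cannot be
# shared evenly among `limit` residues unless limit is a power of two.
def biased_below(limit)
  secure_u32 % limit
end

# Exact worst-case skew of biased_below: probability of the most likely
# residue divided by that of the least likely one (1.0 means uniform).
def modulo_bias_ratio(limit)
  raise ArgumentError, "limit must be in 1..2**32" unless (1..WORD).cover?(limit)
  q, r = WORD.divmod(limit)
  r.zero? ? 1.0 : (q + 1).to_f / q
end

# Uniform integer in 0...limit by rejection sampling: discard any word that
# falls into the incomplete top bucket, so every residue is reachable from
# exactly the same number of inputs. Expected retries are < 1 per call.
def secure_below(limit)
  raise ArgumentError, "limit must be in 1..2**32" unless (1..WORD).cover?(limit)
  cutoff = WORD - (WORD % limit)   # largest multiple of limit that fits
  loop do
    x = secure_u32
    return x % limit if x < cutoff
  end
end

# The usual web-code need: an unguessable token as lowercase hex.
def secure_token(nbytes = 16)
  SecureRandom.random_bytes(nbytes).unpack("H*").first
end

if __FILE__ == $0
  puts "modulo bias for limit 3e9: #{modulo_bias_ratio(3_000_000_000)}x"  # 2.0x
  puts "uniform draw below 10: #{secure_below(10)}"
  puts "token: #{secure_token}"
end
```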
 
Bill Kelly

From: said:
don't you just have to run any 'ol code to get random numbers on windows? ;-)

:D

I would propose installing registry-access-hooks to monitor and
generate random bits from all the trojan horses continually rewriting
dozens of registry keys per second to ensure they can't be deleted.


Regards,

Bill (who found a very, very tenacious trojan on his win xp box recently)
(check your windows/system32 folder for a hidden file called pmnnl.dll)
 
khaines

Dave said:
Hi-
Is there a secure random number generator for Ruby that works on
Windows and Linux?

Is ISAAC[1] secure enough for you?

I think Kirk Haines posted his implementation somewhere. (I've got one too,
but I never released it.)

Crypt::ISAAC. I have a small update to it (that includes a pure C
implementation that someone else donated) that I will try to get uploaded.
May not get it done until after the MountainWest Rubyconf, though.


Kirk Haines
 
Dave King

Yeah, I looked at that. I was actually having trouble getting the setup.rb
script to run in Windows. It's fine for me to copy it over, but I was
going to use it in an article and didn't want to have to explain how to
manually install it. Then again, it could just be my laptop; I'll try it
on another computer tomorrow. Also, I noticed you said you were working
on better seeding for Windows. Does the current seeding affect the
randomness much?

Thanks,
Dave

Dave said:
Hi-
Is there a secure random number generator for Ruby that works on
Windows and Linux?

Is ISAAC[1] secure enough for you?

I think Kirk Haines posted his implementation somewhere. (I've got
one too, but I never released it.)

Crypt::ISAAC. I have a small update to it (that includes a pure C
implementation that someone else donated) that I will try to get
uploaded. May not get it done until after the MountainWest Rubyconf,
though.


Kirk Haines
 
