Secure Random Number Generator

Discussion in 'Ruby' started by Dave King, Mar 13, 2007.

  1. Dave King

    Dave King Guest

    Hi-
    Is there a secure random number generator for Ruby that works on
    Windows and Linux?

    Thanks,
    Dave
     
    Dave King, Mar 13, 2007
    #1

  2. Dave King wrote:
    > Hi-
    > Is there a secure random number generator for Ruby that works on
    > Windows and Linux?
    >
    > Thanks,
    > Dave
    >
    >
    >

    Remind me again how a random number generator can be insecure ...

    --
    M. Edward (Ed) Borasky, FBG, AB, PTA, PGS, MS, MNLP, NST, ACMC(P)
    http://borasky-research.blogspot.com/

    If God had meant for carrots to be eaten cooked, He would have given rabbits fire.
     
    M. Edward (Ed) Borasky, Mar 13, 2007
    #2

  3. Dave King

    Gary Wright Guest

    On Mar 13, 2007, at 1:03 AM, M. Edward (Ed) Borasky wrote:

    > Dave King wrote:
    >> Hi-
    >> Is there a secure random number generator for Ruby that works on
    >> Windows and Linux?


    I'm assuming he means sufficiently random for cryptographic purposes.
    Some pseudo-random number generators don't meet that requirement.

    The Ruby 1.9 source code for random says:

    This is based on trimmed version of MT19937. To get the original
    version, contact <http://www.math.keio.ac.jp/~matumoto/emt.html>.

    The docs for Kernel#rand say

    Ruby currently uses a modified Mersenne Twister with a period of
    2**19937-1.

    I'm not a crypto geek but I'm guessing that a Mersenne Twister algorithm
    doesn't have sufficient entropy for crypto purposes.

    As a proof of concept I whipped up this for MacOSX. It gets random data
    from /dev/urandom, which based on the man page is a better source of
    random data (Yarrow pseudo random number generator with entropy injected
    by the MacOSX SecurityServer). I'm not claiming this is good for crypto
    work either, just that it looks better than the Mersenne Twister. I think
    this would work on Linux also since it has /dev/urandom. I got nothing
    for Windows.

    module Kernel
      # Return bytes from /dev/urandom.
      # With no arguments, urandom grabs four bytes and returns them as an
      # unsigned integer. With an integer argument, urandom returns a string
      # of that size filled with bytes from /dev/urandom.
      def urandom(size=nil)
        # Open in binary mode so the bytes are read without encoding conversion.
        result = File.open('/dev/urandom', 'rb') { |x| x.read(size || 4) }
        size && result || result.unpack("L").first
      end
    end

    Gary Wright
     
    Gary Wright, Mar 13, 2007
    #3
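
An added example, not part of the original post or of any poster's code: it contrasts the seeded Mersenne Twister with the operating system's generator, using Ruby's standard `securerandom` library, which works on both Linux and Windows. The helper names `mt_sequence`, `secure_uint32` and `secure_below` are made up for this illustration.

```ruby
require 'securerandom'

# Mersenne Twister (Kernel#rand / Random) is deterministic: anyone who
# learns or guesses the seed reproduces every value it will ever emit.
def mt_sequence(seed, count)
  prng = Random.new(seed)
  Array.new(count) { prng.rand(2**32) }
end

# Four bytes from the OS generator as an unsigned 32-bit integer: the same
# shape of result as the urandom helper above, without a /dev/urandom path.
def secure_uint32
  SecureRandom.random_bytes(4).unpack('L').first
end

# Uniform integer in 0...limit by rejection sampling. Plain `value % limit`
# favours small results whenever limit does not divide 2**32, so values
# falling in the incomplete final bucket are discarded and redrawn.
# (SecureRandom.random_number(limit) is the built-in way to get this.)
def secure_below(limit)
  unless limit.is_a?(Integer) && limit.between?(1, 2**32)
    raise ArgumentError, 'limit must be an Integer in 1..2**32'
  end
  cutoff = 2**32 - (2**32 % limit) # largest multiple of limit <= 2**32
  loop do
    value = secure_uint32
    return value % limit if value < cutoff
  end
end

if __FILE__ == $PROGRAM_NAME
  # Constructed demonstration values: seed 42 is arbitrary.
  puts "MT, seed 42, run 1: #{mt_sequence(42, 3).inspect}"
  puts "MT, seed 42, run 2: #{mt_sequence(42, 3).inspect}" # identical
  puts "OS generator:       #{Array.new(3) { secure_uint32 }.inspect}"
  puts "Die rolls (1..6):   #{Array.new(10) { secure_below(6) + 1 }.inspect}"
end
```
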
  4. Dave King

    Guest

    On Tue, 13 Mar 2007, Gary Wright wrote:

    > I got nothing for Windows.


    don't you just have to run any 'ol code to get random numbers on windows? ;-)

    (ducks)

    -a
    --
    be kind whenever possible... it is always possible.
    - the dalai lama
     
    , Mar 13, 2007
    #4
  5. Husein Choroomi, Mar 13, 2007
    #5
  6. Dave King

    Bill Kelly Guest

    From: <>
    > On Tue, 13 Mar 2007, Gary Wright wrote:
    >
    >> I got nothing for Windows.

    >
    > don't you just have to run any 'ol code to get random numbers on windows? ;-)


    :D

    I would propose installing registry-access-hooks to monitor and
    generate random bits from all the trojan horses continually rewriting
    dozens of registry keys per second to ensure they can't be deleted.


    Regards,

    Bill (who found a very, very tenacious trojan on his win xp box recently)
    (check your windows/system32 folder for a hidden file called pmnnl.dll)
     
    Bill Kelly, Mar 13, 2007
    #6
  7. Dave King wrote:
    > Hi-
    > Is there a secure random number generator for Ruby that works on
    > Windows and Linux?


    Is ISAAC[1] secure enough for you?

    I think Kirk Haines posted his implementation somewhere. (I've got one
    too, but I never released it.)

    [1] http://www.burtleburtle.net/bob/rand/isaac.html

    --
    vjoel : Joel VanderWerf : path berkeley edu : 510 665 3407
     
    Joel VanderWerf, Mar 13, 2007
    #7
  8. Dave King

    Guest

    On Tue, 13 Mar 2007, Joel VanderWerf wrote:

    > Dave King wrote:
    >> Hi-
    >> Is there a secure random number generator for Ruby that works on
    >> Windows and Linux?

    >
    > Is ISAAC[1] secure enough for you?
    >
    > I think Kirk Haines posted his implementation somewhere. (I've got one too,
    > but I never released it.)


    Crypt::ISAAC. I have a small update to it (that includes a pure C
    implementation that someone else donated) that I will try to get uploaded.
    May not get it done until after the MountainWest Rubyconf, though.


    Kirk Haines
     
    , Mar 14, 2007
    #8
  9. Dave King

    Dave King Guest

    Yeah, I looked at that. I was actually having trouble getting the setup.rb
    script to run in Windows. It's fine for me to copy it over but I was
    going to use it in an article and didn't want to have to explain how to
    manually install it. Then again it could just be my laptop, I'll try it
    on another computer tomorrow. Also, I noticed you said you were working
    on better seeding for Windows, does the current seeding affect the
    randomness much?

    Thanks,
    Dave

    wrote:
    > On Tue, 13 Mar 2007, Joel VanderWerf wrote:
    >
    >> Dave King wrote:
    >>> Hi-
    >>> Is there a secure random number generator for Ruby that works on
    >>> Windows and Linux?

    >>
    >> Is ISAAC[1] secure enough for you?
    >>
    >> I think Kirk Haines posted his implementation somewhere. (I've got
    >> one too, but I never released it.)

    >
    > Crypt::ISAAC. I have a small update to it (that includes a pure C
    > implementation that someone else donated) that I will try to get
    > uploaded. May not get it done until after the MountainWest Rubyconf,
    > though.
    >
    >
    > Kirk Haines
    >
    >
    >
    >
     
    Dave King, Mar 14, 2007
    #9
