Hello!

> On Wed, May 10, 2000 at 11:02:43AM +0530, Amit Chopra wrote:
> 
> > srand((unsigned)(time(NULL))); //C Runtime Function
> >       seed[i] = rand();     //C Runtime function
> 
> > Can somebody tell me if this method of seeding the RNG secure enough?
> 
> It is not. rand() was never meant to be a cryptographic RNG.

You must always differentiate between bits and entropy (uncertainty).
The latter can be measured in bits but is really a measure of how much
"we don't know". If you like math you can read about it; it is called
"information theory" or coding theory (probably on the web), but
otherwise you can think like this:

1) The system time used in srand() does NOT contain much entropy. The
adversary probably knows the year and period of days the seed was
created. That reduces his uncertainty about the system time (he already
knows some bits now), so if he were to guess he would only guess the
last bits. Further on, he knows that the seed was probably created during
working hours. Thus he does not have to try all hours, or at least he
tries the unlikely ones last. You see, some values of the system time are far
more probable than others and some are even zero.

2) To concatenate the same value v several times (vvvvv) does NOT
increase entropy since if we can determine v we know the concatenation
directly.

3) When you seed with the output of rand you are in effect reducing the
entropy of the complete RNG output to the entropy of the first seed to
srand, which by (1) above was just a couple of bits :-) This is not
good.

4) I know that some companies use "user entropy" by letting the user
move the mouse and press some random keys for a while, but how do you
make the user type random noise or move the mouse randomly? Or rather, how
do you know when you have enough entropy? (If you restrict the way the
user types, you reduce the uncertainty again :-)

/Douglas

-- 

------------------------------------------------------
 Douglas Wikström <[EMAIL PROTECTED]>
------------------------------------------------------
 Yes, God created Man before Woman,
 but one always makes a draft before the masterpiece.
------------------------------------------------------
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]

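The entropy accounting behind points (1) to (3) above, as an added Python example that is not part of the original message or of the OpenSSL project. The time window, the working-hours weighting and the 32-bit rand() seed width are constructed assumptions for illustration; secrets.token_bytes stands in for the OS entropy source that the quoted C code should have used instead of time(NULL).

```python
import math
import secrets


def uniform_entropy_bits(candidates: int) -> float:
    """Entropy of a seed drawn uniformly from `candidates` equally likely values."""
    return math.log2(candidates)


def shannon_entropy_bits(weights: dict) -> float:
    """Shannon entropy of a non-uniform seed distribution (weights need not sum to 1)."""
    total = sum(weights.values())
    return -sum((w / total) * math.log2(w / total) for w in weights.values() if w > 0)


def min_entropy_bits(weights: dict) -> float:
    """Min-entropy: the uncertainty faced by a guesser who tries the most likely value first.
    This is the figure that matters for a seed, and it is never above the Shannon figure."""
    total = sum(weights.values())
    return -math.log2(max(weights.values()) / total)


def time_seed_entropy_bits(days: int, hours_per_day: int) -> float:
    """Point (1): time(NULL) is known to fall in a window of `days` days of
    `hours_per_day` working hours, so only that many seconds are candidates."""
    return uniform_entropy_bits(days * hours_per_day * 3600)


def concatenation_entropy_bits(value_bits: float, copies: int) -> float:
    """Point (2): repeating the same value v as vvvv adds no entropy; `copies` is irrelevant."""
    return value_bits


def chained_rand_entropy_bits(first_seed_bits: float, output_bits: int) -> float:
    """Point (3): a deterministic RNG's whole output stream carries at most the
    entropy of its first seed, however many output bits are drawn from it."""
    return min(first_seed_bits, output_bits)


def secure_seed(nbytes: int = 32) -> bytes:
    """What the quoted code should do: take the seed from the OS entropy source."""
    return secrets.token_bytes(nbytes)


# Constructed scenario: seed created sometime in a 30-day period, during an 8-hour workday.
TIME_SEED_BITS = time_seed_entropy_bits(days=30, hours_per_day=8)      # about 19.7 bits
RAND_SEED_WIDTH_BITS = 32                                                # assumed width of an unsigned seed
# Constructed weighting: 90% of seeds are created in working hours, 10% outside them.
HOUR_WEIGHTS = {"working_hours": 90, "off_hours": 10}
```

Compare TIME_SEED_BITS with uniform_entropy_bits(2 ** RAND_SEED_WIDTH_BITS) to see how far the time-based seed falls short of the width it is stored in, and with 8 * len(secure_seed()) for the OS-sourced alternative.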