Subject: Re: System clock resolution and random numbers
To: Greg Troxel <>
From: Rick Byers <>
List: current-users
Date: 05/01/1997 09:46:13
On Thu, 1 May 1997, Greg Troxel wrote:

> You didn't say what your application is, but since you mentioned not
> being able to find things out without root access, it sounds like it
> might be cryptography.  In that case I'd advise you to stay away from
> gettimeofday as your sole source of randomness.

I don't want to describe exactly what it is in public e-mail (because even
'the bad guys' have access to this list), but I guess it's sort of like
cryptography.  Currently I'm XORing a number of values, including tv_usec
when the program starts, and after a user-input prompt (user reponse time
is pretty unpredictable).  I'm thinking I'm going to need to keep a
datafile with a seed component in it and make the program setuid, but I
don't know if it's worth all that - I really don't think anyone will
attempt to crack it, but I don't want to take any chances, I only feel
safe when I know I myself can't abuse a program I wrote.

> You also didn't way what port you are using, or whether you wish to
> write portable code; there is no reason to expect all ports to behave
> the same way, since the underlying hardware facilities will differ.

I'm using i386, and no, it doesn't need to be portable at all.  Even if
there is some pseudo-random value that I could grab out of memory.


Rick Byers                                      Internet Access Worldwide                                      System Administrator
Welland, Ontario, Canada                                    (905)714-1400