Subject: Re: System clock resolution and random numbers
To: Greg Troxel <email@example.com>
From: Rick Byers <firstname.lastname@example.org>
Date: 05/01/1997 09:46:13
On Thu, 1 May 1997, Greg Troxel wrote:
> You didn't say what your application is, but since you mentioned not
> being able to find things out without root access, it sounds like it
> might be cryptography. In that case I'd advise you to stay away from
> gettimeofday as your sole source of randomness.
I don't want to describe exactly what it is in public e-mail (because even
'the bad guys' have access to this list), but I guess it's sort of like
cryptography. Currently I'm XORing a number of values, including tv_usec
when the program starts, and after a user-input prompt (user reponse time
is pretty unpredictable). I'm thinking I'm going to need to keep a
datafile with a seed component in it and make the program setuid, but I
don't know if it's worth all that - I really don't think anyone will
attempt to crack it, but I don't want to take any chances, I only feel
safe when I know I myself can't abuse a program I wrote.
> You also didn't way what port you are using, or whether you wish to
> write portable code; there is no reason to expect all ports to behave
> the same way, since the underlying hardware facilities will differ.
I'm using i386, and no, it doesn't need to be portable at all. Even if
there is some pseudo-random value that I could grab out of memory.
Rick Byers Internet Access Worldwide
email@example.com System Administrator
Welland, Ontario, Canada (905)714-1400