The problem is not about randomness itself (we have rand), but about a cryptographically secure PRNG. What can be used on Linux, or ideally POSIX? Does NSS have something useful?
Clarification: I know about /dev/random, but it may run out of entropy pool. And I'm not sure whether /dev/urandom is guaranteed to be cryptographically secure.
3 solutions
#1
5
Use /dev/random (requires user input, e.g. mouse movements) or /dev/urandom. The latter has an entropy pool and doesn't require any user input unless the pool is empty.
You can read from the pool like this:
#include <stdio.h>

/* Fill buf with 100 bytes from the kernel pool; returns 1 on success, 0 on failure. */
int read_urandom(unsigned char buf[100]) {
    FILE *fp = fopen("/dev/urandom", "r");
    if (fp == NULL)
        return 0;
    size_t got = fread(buf, 1, 100, fp);  /* check for a short read before using buf */
    fclose(fp);
    return got == 100;
}
Or something like that.
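The same read done the way a practitioner would want it, as an added example that is not part of any answer above: on Linux it uses getrandom(2), which draws from the same pool as /dev/urandom but blocks only until that pool has been seeded at boot (addressing the "is urandom safe" worry from the question), and falls back to a POSIX open/read of /dev/urandom with short reads and EINTR handled. The function names are my own.

```c
#define _GNU_SOURCE            /* O_CLOEXEC and the getrandom() prototype */
#include <errno.h>
#include <fcntl.h>
#include <string.h>
#include <unistd.h>
#if defined(__linux__) && defined(__GLIBC__)
# if __GLIBC_PREREQ(2, 25)
#  include <sys/random.h>
#  define HAVE_GETRANDOM 1
# endif
#endif

/* Fill buf[0..len) from the kernel CSPRNG. Returns 0 on success, -1 on failure.
 * getrandom(2) with flags 0 blocks only until the pool is initialised at boot;
 * /dev/urandom is the POSIX-style fallback. A single fread()/read() is never
 * trusted: both paths loop until every requested byte has arrived. */
int csprng_bytes(unsigned char *buf, size_t len) {
    size_t got = 0;
#ifdef HAVE_GETRANDOM
    while (got < len) {
        ssize_t n = getrandom(buf + got, len - got, 0);
        if (n < 0 && errno == EINTR) continue;
        if (n < 0 && errno == ENOSYS) break;   /* kernel < 3.17: use the device */
        if (n < 0) return -1;
        got += (size_t)n;
    }
    if (got == len) return 0;
#endif
    int fd = open("/dev/urandom", O_RDONLY | O_CLOEXEC);
    if (fd < 0) return -1;
    while (got < len) {
        ssize_t n = read(fd, buf + got, len - got);
        if (n < 0 && errno == EINTR) continue;
        if (n <= 0) { close(fd); return -1; }  /* error or unexpected EOF */
        got += (size_t)n;
    }
    close(fd);
    return 0;
}

/* Sanity check: two independent 32-byte draws must succeed and must differ. */
int csprng_self_check(void) {
    unsigned char a[32] = {0}, b[32] = {0};
    if (csprng_bytes(a, sizeof a) != 0 || csprng_bytes(b, sizeof b) != 0) return 0;
    return memcmp(a, b, sizeof a) != 0;
}
```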
#2
5
From Wikipedia (my italics):
A counterpart to /dev/random is /dev/urandom ("unlocked" random source) which reuses the internal pool to produce more pseudo-random bits. This means that the call will not block, but the output may contain less entropy than the corresponding read from /dev/random. The intent is to serve as a cryptographically secure pseudorandom number generator. This may be used for less secure applications.
#3
3
The /dev/random device is intended to be a source of cryptographically secure bits.