Secure Random Number Generator

Hi-
Is there a secure random number generator for Ruby that works on
Windows and Linux?

Thanks,
Dave

Dave K. wrote:

Hi-
Is there a secure random number generator for Ruby that works on
Windows and Linux?

Thanks,
Dave

Remind me again how a random number generator can be insecure …


M. Edward (Ed) Borasky, FBG, AB, PTA, PGS, MS, MNLP, NST, ACMC(P)
http://borasky-research.blogspot.com/

If God had meant for carrots to be eaten cooked, He would have given
rabbits fire.

On Mar 13, 2007, at 1:03 AM, M. Edward (Ed) Borasky wrote:

Dave K. wrote:

Hi-
Is there a secure random number generator for Ruby that works on
Windows and Linux?

I’m assuming he means sufficiently random for cryptographic purposes.
Some pseudo-random number generators don’t meet that requirement.

The Ruby 1.9 source code for random says:

This is based on trimmed version of MT19937. To get the original version,
contact http://www.math.keio.ac.jp/~matumoto/emt.html.

The docs for Kernel#rand say

Ruby currently uses a modified Mersenne Twister with a period of
2**19937-1.

I’m not a crypto geek but I’m guessing that a Mersenne Twister algorithm
doesn’t have sufficient entropy for crypto purposes.

As a proof of concept I whipped up this for MacOSX. It gets random data
from /dev/urandom, which based on the man page is a better source of
random data (Yarrow pseudo random number generator with entropy injected
by the MacOSX SecurityServer). I’m not claiming this is good for crypto
work either, just that it looks better than the Mersenne Twister. I think
this would work on Linux also since it has /dev/urandom. I got nothing for
Windows.

    module Kernel
      # Return bytes from /dev/urandom.
      #
      # With no arguments, urandom grabs four bytes and returns them as an
      # unsigned integer. With an integer argument, urandom returns a string
      # of that size filled with bytes from /dev/urandom.
      def urandom(size=nil)
        result = File.open('/dev/urandom') { |x| x.read(size || 4) }
        size && result || result.unpack("L").first
      end
    end

Gary W.
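
A portable take on the urandom helper in the post above, as an added example that is not from the thread. It assumes Ruby's standard `securerandom` library (which no poster mentions); the names `mt_bytes`, `secure_urandom` and `secure_below` are hypothetical. It also shows the seed determinism that makes the Mersenne Twister unsuitable for keys or tokens.

```ruby
require 'securerandom'

# Mersenne Twister (Kernel#rand / Random) is fully determined by its seed:
# anyone who learns or guesses the seed can regenerate every "random" value.
def mt_bytes(seed, size)
  Random.new(seed).bytes(size)
end

# Portable counterpart of the urandom helper above (hypothetical name).
# SecureRandom draws from the operating system's CSPRNG on Linux, macOS
# and Windows, so no /dev/urandom path is hard-coded.
def secure_urandom(size = nil)
  bytes = SecureRandom.random_bytes(size || 4)
  size ? bytes : bytes.unpack('L').first
end

# Uniform integer in 0...limit built from secure bytes. A plain
# `value % limit` over-represents small results whenever limit does not
# divide the sample space; rejection sampling discards the biased tail.
def secure_below(limit)
  unless limit.is_a?(Integer) && limit > 0
    raise ArgumentError, 'limit must be a positive Integer'
  end
  nbytes = [(limit.bit_length + 7) / 8, 1].max
  space  = 256**nbytes
  cutoff = space - (space % limit) # largest multiple of limit <= space
  loop do
    raw   = SecureRandom.random_bytes(nbytes)
    value = raw.unpack('C*').inject(0) { |acc, b| (acc << 8) | b }
    return value % limit if value < cutoff
  end
end

if __FILE__ == $PROGRAM_NAME
  puts "MT, same seed twice: #{mt_bytes(42, 8) == mt_bytes(42, 8)}"
  puts "secure 32-bit value: #{secure_urandom}"
  puts "secure die roll:     #{secure_below(6) + 1}"
end
```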

On Tue, 13 Mar 2007, Gary W. wrote:

I got nothing for Windows.

don’t you just have to run any 'ol code to get random numbers on
windows? :wink:

(ducks)

-a

http://raa.ruby-lang.org/search.rhtml?search=random+number

On 3/13/07, Dave K. wrote:

Hi-
Is there a secure random number generator for Ruby that works on
Windows and Linux?

Thanks,
Dave


Husein C.,
CEO, CTO
Yucca Intelligence Development

We make the web a better place!

Dave K. wrote:

Hi-
Is there a secure random number generator for Ruby that works on
Windows and Linux?

Is ISAAC[1] secure enough for you?

I think Kirk H. posted his implementation somewhere. (I’ve got one
too, but I never released it.)

[1] ISAAC and RC4

On Tue, 13 Mar 2007, Joel VanderWerf wrote:

Dave K. wrote:

Hi-
Is there a secure random number generator for Ruby that works on
Windows and Linux?

Is ISAAC[1] secure enough for you?

I think Kirk H. posted his implementation somewhere. (I’ve got one too,
but I never released it.)

Crypt::ISAAC. I have a small update to it (that includes a pure C
implementation that someone else donated) that I will try to get
uploaded.
May not get it done until after the MountainWest Rubyconf, though.

Kirk H.

Yeah I looked at that, I was actually having trouble getting the setup.rb
script to run in Windows. It’s fine for me to copy it over but I was
going to use it in an article and didn’t want to have to explain how to
manually install it. Then again it could just be my laptop, I’ll try it
on another computer tomorrow. Also, I noticed you said you were working
on better seeding for Windows, does the current seeding affect the
randomness much?

Thanks,
Dave


On Tue, 13 Mar 2007, Gary W. wrote:

I got nothing for Windows.

don’t you just have to run any 'ol code to get random numbers on windows? :wink:

:smiley:

I would propose installing registry-access-hooks to monitor and
generate random bits from all the trojan horses continually rewriting
dozens of registry keys per second to ensure they can’t be deleted.

Regards,

Bill (who found a very, very tenacious trojan on his win xp box
recently)
(check your windows/system32 folder for a hidden file called
pmnnl.dll)