Comments on: Predicting the rand() and using Cryptographic Random Numbers

By: Zombie No. 5

Zombie No. 5 — Mon, 06 Apr 2009 19:32:00 +0000

By the way, rand() and cryptography is similar to drinking and driving. They don’t belong together, ever.

By: Zombie No. 5

Zombie No. 5 — Mon, 06 Apr 2009 19:27:23 +0000

Someone: No, this is just nice to have and can be useful but it is certainly no requirement. For testing you can use a PRNG with reproducable output. It isn’t possible to test your code with any possible sequence anyway. It might not even be possible to test it for each possible input value, if your code has high complexity. Basically, you shouldn’t write your code in a way that requires more than tests of corner-case to deduce that it’s correct. Easier said than done, no doubt.

By: Someone

Someone — Sun, 22 Mar 2009 20:10:47 +0000

You are missing a property that a random number generator must have: the ability to force the library reproduce random number sequences (either from the same or an earlier run).

This is indispensable during development, as it allows one to verify that a rarely occurring issue really is fixed.

By: blacklight

blacklight — Sat, 28 Feb 2009 06:19:48 +0000

http://www.zedwood.com/article/121/cpp-md5-function has a good md5 function you might be interested in.

By: Amit Goel

Amit Goel — Tue, 24 Feb 2009 12:40:33 +0000

@gedece,
Thanks a lot.

@Paul_one,
I’ll definitely add it as soon as I get some time.

By: Paul_one

Paul_one — Mon, 16 Feb 2009 16:01:09 +0000

Could you possibly include Linux/BSD/MacOS in this thing too?
Nice post though.
Very enjoyable to read.

By: gedece

gedece — Tue, 10 Feb 2009 17:14:36 +0000

Really interesting, thanks for pointing it out,as I’ve never programmed security and so I’m willing to learn some pointers.