What is the best replacement for Windows' rand_s on Linux / POSIX?

Time: 2022-04-06 15:11:15

The problem is not about randomness itself (we have rand), but in cryptographically secure PRNG. What can be used on Linux, or ideally POSIX? Does NSS have something useful?

Clarification: I know about /dev/random, but it may run out of entropy pool. And I'm not sure whether /dev/urandom is guaranteed to be cryptographically secure.

3 solutions

#1


5  

Use /dev/random (requires user input, eg mouse movements) or /dev/urandom. The latter has an entropy pool and doesn't require any user input unless the pool is empty.

You can read from the pool like this:

#include <stdio.h>

int main(void)
{
    char buf[100];
    FILE *fp = fopen("/dev/urandom", "r");
    if (fp) {
        /* fread returns the number of items read; check for a short read */
        if (fread(buf, 1, sizeof buf, fp) != sizeof buf)
            return 1;
        fclose(fp);
    }
    return 0;
}

Or something like that.

#2


5  

From Wikipedia (my italics):

A counterpart to /dev/random is /dev/urandom ("unlocked" random source) which reuses the internal pool to produce more pseudo-random bits. This means that the call will not block, but the output may contain less entropy than the corresponding read from /dev/random. The intent is to serve as a cryptographically secure pseudorandom number generator. This may be used for less secure applications.

#3


3  

The /dev/random device is intended to be a source of cryptographically secure bits.