Re: Secure random ID generation

>> Not all systems have a /dev/random.  

> secure, portale (ie userland) entropy gathering daemons exist. however,
> most languages have some form of a PRNG. its a lot easier than trying to
> write your own.

  Unfortunately, NO language specifies the algorithm to be used for the PRNG in its libraries.
  For any but the most trivial purposes you should supply an external generator.

  Rolling your own, in the sense of making something up and implementing it is also a bad idea.

  The proper thing to do is to use a library that provides, or implement, a standard algorithm that
  has been tested thouroughly and reviewed to be appropriate for your application. Also there is
  no universally appropriate PRNG, different applications have different demands.

  (see: http://www.taygeta.com/random/example.html for an example of things going wrong with an

   unsuitable PRNG in stochastic calculus).

-- 
 Dr. Everett (Skip) Carter      Phone: 831-641-0645 FAX:  831-641-0647
 Taygeta Scientific Inc.        INTERNET: skip@taygeta.com
 1340 Munras Ave., Suite 314    WWW: 
http://www.taygeta.com
 Monterey, CA. 93940            

Do you need help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek