Cryptographic random numbers...

On Jul 17, 4:41*pm, "almu...@altavista.com" <almu...@altavista.com>
wrote:

Hi,

* * * * Hope you can help me with this one. I am trying to createrandom
number between 0 and 1 inclusive of cryptographiuc quality.
* * * * The problems is though - I don't know how! Here is what Ihave so far
and I would greatly appreciate any comments/suggestions/code-samples
that you may like to share. Thank you.

Al

**** CODE AS FOLLOWS ****

* * * * * * byte[] random = new byte[2];
* * * * * * RNGCryptoServiceProvider rng = new
RNGCryptoServiceProvider();
* * * * * * rng.GetBytes (random);

* * * * * * return Convert.ToDouble(random[0]);

*** END CODE ***

* * * * The prblem with the above is that it produces very large numbers. I
nned numbers between 0 and 1.

byte[] random = new byte[8];
RNGCryptoServiceProvider rng = new RNGCryptoServiceProvider();
rng.GetBytes(random);
return (double)BitConverter.ToUInt64(random) / UInt64.Max;

On Jul 17, 5:41*am, "almu...@altavista.com" <almu...@altavista.com>
wrote:

Hi,

* * * * Hope you can help me with this one. I am trying to createrandom
number between 0 and 1 inclusive of cryptographiuc quality.
* * * * The problems is though - I don't know how! Here is what Ihave so far
and I would greatly appreciate any comments/suggestions/code-samples
that you may like to share. Thank you.

Al

**** CODE AS FOLLOWS ****

* * * * * * byte[] random = new byte[2];
* * * * * * RNGCryptoServiceProvider rng = new
RNGCryptoServiceProvider();
* * * * * * rng.GetBytes (random);

* * * * * * return Convert.ToDouble(random[0]);

*** END CODE ***

* * * * The prblem with the above is that it produces very large numbers. I
nned numbers between 0 and 1.

What is this class: RNGCryptoServiceProvider? If it's a library
function, just look into the documentation for it.

Another solution: use MSFT's Random() function, and don't worry about
it being of "crypto quality" --for most stuff it's OK, just use the
system clock to reseed it once in a while. Good enough for government
work.

RL

On Jul 17, 1:54*pm, raylopez99 <raylope...@yahoo.comwrote:

On Jul 17, 5:41*am, "almu...@altavista.com" <almu...@altavista.com>
wrote:

Hi,

* * * * Hope you can help me with this one. I am trying to create random
number between 0 and 1 inclusive of cryptographiuc quality.
* * * * The problems is though - I don't know how! Here is whatI have so far
and I would greatly appreciate any comments/suggestions/code-samples
that you may like to share. Thank you.

Al

**** CODE AS FOLLOWS ****

* * * * * * byte[] random = new byte[2];
* * * * * * RNGCryptoServiceProvider rng = new
RNGCryptoServiceProvider();
* * * * * * rng.GetBytes (random);

* * * * * * return Convert.ToDouble(random[0]);

*** END CODE ***

* * * * The prblem with the above is that it produces very large numbers. I
nned numbers between 0 and 1.

What is this class: RNGCryptoServiceProvider? *If it's a library
function, just look into the documentation for it.

Another solution: *use MSFT's Random() function, and don't worry about
it being of "crypto quality" --for most stuff it's OK, just use the
system clock to reseed it once in a while. *Good enough for government
work.

RL- Hide quoted text -

- Show quoted text -

Thank you both very much for your comments - its working now.
Al.

On Jul 17, 5:58*pm, "almu...@altavista.com" <almu...@altavista.com>
wrote:

Thank you both very much for your comments - its working now.

You didn't say which way you went, so here's a warning: if you do
indeed truly need cryptographic RNG (i.e., because your specification
requires you to, for example, if you're generating salt for
encryption), then you should absolutely not use Random (which is a
class, by the way, not a function) - it is very predictable.

On Thu, 17 Jul 2008 05:54:33 -0700 (PDT), raylopez99
<ra********@yahoo.comwrote:

>Another solution: use MSFT's Random() function, and don't worry about
it being of "crypto quality" --for most stuff it's OK, just use the
system clock to reseed it once in a while. Good enough for government
work.

Absolutely not. Random is NOT of cryptographic quality and should not
be used for cryptographic purposes. The requirements for a
cryptographic RNG are very different from a simple PRNG for
simulations, which is what Random is. See RFC 4056:
http://rfc.net/rfc4086.html for more details.

rossum

On Jul 17, 3:08*pm, Pavel Minaev <int...@gmail.comwrote:

On Jul 17, 5:58*pm, "almu...@altavista.com" <almu...@altavista.com>
wrote:

Thank you both very much for your comments - its working now.

You didn't say which way you went, so here's a warning: if you do
indeed truly need cryptographic RNG (i.e., because your specification
requires you to, for example, if you're generating salt for
encryption), then you should absolutely not use Random (which is a
class, by the way, not a function) - it is very predictable.

Sorry I'm using Pavels - it looks like this:

byte[] random = new byte[8];
RNGCryptoServiceProvider rng = new
RNGCryptoServiceProvider();
rng.GetBytes(random);
return (double)BitConverter.ToUInt64(random, 0)/
UInt64.MaxValue ;

Am interested to hear more about this salt...Any examples?

On Jul 17, 8:04*am, rossum <rossu...@coldmail.comwrote:

On Thu, 17 Jul 2008 05:54:33 -0700 (PDT), raylopez99

<raylope...@yahoo.comwrote:

Another solution: *use MSFT's Random() function, and don't worry about
it being of "crypto quality" --for most stuff it's OK, just use the
system clock to reseed it once in a while. *Good enough for government
work.

Absolutely not. *Random is NOT of cryptographic quality and should not
be used for cryptographic purposes. *The requirements for a
cryptographic RNG are very different from a simple PRNG for
simulations, which is what Random is. *See RFC 4056:http://rfc.net/rfc4086.htmlfor more details.

Whatever. Like Linus Torvalds said recently, the security folks have
their pants all tied in a knot over the smallest details. I'm sure
you're right, but if you reseed Random for the most part it gives you
pretty random numbers it seems to me.

And in fact reading the link you sent indicates that Microsoft does
have something that gets seeds from buffer memory something something
and produces near crypto quality randomness, which I guess is what the
OP was talking about: "Microsoft's recommendation to users of the
widely deployed Windows operating system is generally to use the
CryptGenRandom pseudo-random number generation call with the CryptAPI
cryptographic service provider. "

RL

raylopez99 <ra********@yahoo.comwrote:

Absolutely not. *Random is NOT of cryptographic quality and should not
be used for cryptographic purposes. *The requirements for a
cryptographic RNG are very different from a simple PRNG for
simulations, which is what Random is. *See RFC 4056:
http://rfc.net/rfc4086.htmlfor more details.

Whatever. Like Linus Torvalds said recently, the security folks have
their pants all tied in a knot over the smallest details. I'm sure
you're right, but if you reseed Random for the most part it gives you
pretty random numbers it seems to me.

And this is why people who aren't trained in security (including
myself) shouldn't be trusted to come up with secure algorithms.

System.Random *isn't* sufficiently random for security purposes. The OP
explicitly said he wanted a "cryptographic quality" random number
generator - why would you recommend something which goes directly
against what is asked for?

--
Jon Skeet - <sk***@pobox.com>
Web site: http://www.pobox.com/~skeet
Blog: http://www.msmvps.com/jon_skeet
C# in Depth: http://csharpindepth.com

On Thu, 17 Jul 2008 13:38:04 -0700 (PDT), raylopez99
<ra********@yahoo.comwrote:

>On Jul 17, 8:04*am, rossum <rossu...@coldmail.comwrote:

>On Thu, 17 Jul 2008 05:54:33 -0700 (PDT), raylopez99

<raylope...@yahoo.comwrote:

>Another solution: *use MSFT's Random() function, and don't worry about
it being of "crypto quality" --for most stuff it's OK, just use the
system clock to reseed it once in a while. *Good enough for government
work.

Absolutely not. *Random is NOT of cryptographic quality and should not
be used for cryptographic purposes. *The requirements for a
cryptographic RNG are very different from a simple PRNG for
simulations, which is what Random is. *See RFC 4056:http://rfc.net/rfc4086.htmlfor more details.

Whatever. Like Linus Torvalds said recently, the security folks have
their pants all tied in a knot over the smallest details. I'm sure
you're right, but if you reseed Random for the most part it gives you
pretty random numbers it seems to me.

Read Microsoft's own documentation for Random: "To generate a
cryptographically secure random number suitable for creating a random
password, for example, use a class derived from
System.Security.Cryptography.RandomNumberGenerator such as
System.Security.Cryptography.RNGCryptoServiceProvi der."

Reseeding Random can only take an Int32 as parameter. 32 bits is not
enough for most security purposes, and can be brute-forced reasonably
easily.

>
And in fact reading the link you sent indicates that Microsoft does
have something that gets seeds from buffer memory something something
and produces near crypto quality randomness, which I guess is what the
OP was talking about: "Microsoft's recommendation to users of the
widely deployed Windows operating system is generally to use the
CryptGenRandom pseudo-random number generation call with the CryptAPI
cryptographic service provider. "

Which is precisely what the default RNGCryptoServiceProvider does. To
quote from RFC 4068, section 7.1.3:
"Users of Windows ".NET" will probably find it easier to use
the RNGCryptoServiceProvider.GetBytes method interface."
Indeed.

rossum

>
RL

On Thu, 17 Jul 2008 10:29:12 -0700 (PDT), "al*****@altavista.com"
<al*****@altavista.comwrote:

>On Jul 17, 3:08*pm, Pavel Minaev <int...@gmail.comwrote:

>On Jul 17, 5:58*pm, "almu...@altavista.com" <almu...@altavista.com>
wrote:

Thank you both very much for your comments - its working now.

You didn't say which way you went, so here's a warning: if you do
indeed truly need cryptographic RNG (i.e., because your specification
requires you to, for example, if you're generating salt for
encryption), then you should absolutely not use Random (which is a
class, by the way, not a function) - it is very predictable.

Sorry I'm using Pavels - it looks like this:

byte[] random = new byte[8];
RNGCryptoServiceProvider rng = new
RNGCryptoServiceProvider();
rng.GetBytes(random);
return (double)BitConverter.ToUInt64(random, 0)/
UInt64.MaxValue ;

Am interested to hear more about this salt...Any examples?

See http://en.wikipedia.org/wiki/Salt_(cryptography)

It is used to stop an attacker precalculating password hashes from a
dictionary. See also Key Strengthening:
http://en.wikipedia.org/wiki/Key_strengthening for the use of salt in
a key stretching algorithm.

rossum

On Jul 17, 2:02*pm, Jon Skeet [C# MVP] <sk...@pobox.comwrote:

System.Random *isn't* sufficiently random for security purposes. The OP
explicitly said he wanted a "cryptographic quality" random number
generator - why would you recommend something which goes directly
against what is asked for?

Jon--Because nobody will ever know. If he codes using Random() and
uses a scrambler on his object code, how can you test to see if the
RNG is weak or not? Now I'm sure there's some specialized hardware
out there to do so, but as a practical matter nobody will ever find
out and even care. Worse case somebody finds out and you issue a
patch, and in the meantime have made money from pushing your product
out the door first, before your competitors do.

Rapid coding it's called. You can do a "CASE" analysis, lots of
flowcharting of software architecture using UML and state diagrams,
lots of discussion about program flow, 'best coding' practices for a
"Level 3" organization with a team of PhD programmers, or, you can
just sit down by yourself and by the seat of your pants bash out some
code on your keyboard over a couple of weeks, with the architecture
done on-the-fly and 'in your mind's eye'. Use Bangladore to help you
on modular stuff you can plug in later. Meanwhile you've told your
customers that your alpha code is in final testing and will be shipped
soon--you collect the money, ship the product and use some of the
revenue to issue patches and fix bugs later.

Without mentioning names, that's what Microsoft and other large
organizations have done or allegedly could have done, and if it's good
enough for MSFT, it's good enuf 4 me.

RL

On Jul 18, 10:50*am, raylopez99 <raylope...@yahoo.comwrote:

On Jul 17, 2:02*pm, Jon Skeet [C# MVP] <sk...@pobox.comwrote:

System.Random *isn't* sufficiently random for security purposes. The OP
explicitly said he wanted a "cryptographic quality" random number
generator - why would you recommend something which goes directly
against what is asked for?

Jon--Because nobody will ever know. *If he codes using Random() and
uses a scrambler on his object code, how can you test to see if the
RNG is weak or not? *Now I'm sure there's some specialized hardware
out there to do so, but as a practical matter nobody will ever find
out and even care. *Worse case somebody finds out and you issue a
patch, and in the meantime have made money from pushing your product
out the door first, before your competitors do.

Rapid coding it's called. *You can do a "CASE" analysis, lots of
flowcharting of software architecture using UML and state diagrams,
lots of discussion about program flow, 'best coding' practices for a
"Level 3" organization with a team of PhD programmers, or, you can
just sit down by yourself and by the seat of your pants bash out some
code on your keyboard over a couple of weeks, with the architecture
done on-the-fly and 'in your mind's eye'. *Use Bangladore to help you
on modular stuff you can plug in later. *Meanwhile you've told your
customers that your alpha code is in final testing and will be shipped
soon--you collect the money, ship the product and use some of the
revenue to issue patches and fix bugs later.

Without mentioning names, that's what Microsoft and other large
organizations have done or allegedly could have done, and if it's good
enough for MSFT, it's good enuf 4 me.

RL

On a point of information there is a test for random sequence called
the chi-squared statistic cf.
http://en.wikibooks.org/wiki/Algorit...hi-Square_Test

On Jul 18, 10:50*am, raylopez99 <raylope...@yahoo.comwrote:

System.Random *isn't* sufficiently random for security purposes. The OP
explicitly said he wanted a "cryptographic quality" random number
generator - why would you recommend something which goes directly
against what is asked for?

Jon--Because nobody will ever know. *If he codes using Random() and
uses a scrambler on his object code, how can you test to see if the
RNG is weak or not? *Now I'm sure there's some specialized hardware
out there to do so, but as a practical matter nobody will ever find
out and even care. *Worse case somebody finds out and you issue a
patch, and in the meantime have made money from pushing your product
out the door first, before your competitors do.

If the code has reached client machines, they can very easily find out
that he's using System.Random. Ever used Reflector? It not, try it.

Rapid coding it's called.

In this case it's called *sloppy* coding. Deliberately using something
you know to be weak, despite a declared requirement for a
cryptographically strong random number generator is just sloppy -
particularly when the alternative is readily available.

I'm all for agile coding and doing the simplest possible thing that
meets the requirements - but meeting the requirements is the key here.
Using System.Random *doesn't* meet the stated requirements.

Jon

On Fri, 18 Jul 2008 02:50:07 -0700 (PDT), raylopez99
<ra********@yahoo.comwrote:

>On Jul 17, 2:02*pm, Jon Skeet [C# MVP] <sk...@pobox.comwrote:

>System.Random *isn't* sufficiently random for security purposes. The OP
explicitly said he wanted a "cryptographic quality" random number
generator - why would you recommend something which goes directly
against what is asked for?

Jon--Because nobody will ever know.

The OP stated that he needed cryptographic quality random numbers. In
cryptogrqaphy you need to think in terms of the person who you are
defending against - "the attacker." Anything that the attacker can
reasonably do they are assumed to be able to do and so must be guarded
against. In this case the attacker can be reasonably expected to know
that Random is being used.

>If he codes using Random() and uses a scrambler on his object code,
how can you test to see if the RNG is weak or not?

The attacker can descramble the code, use Reflection, check links into
the .NET libraries or just look at the assembler actually being run on
the CPU. Random uses a known algorithm from Knuth so the attacker can
be expected to recognise it.

>Now I'm sure there's some specialized hardware
out there to do so,

There is, both hardware and software. The attacker can be assumed to
have it and to be able to use it correctly.

>but as a practical matter nobody will ever find
out and even care.

The attacker will find out and will most definitely care.

>Worse case somebody finds out and you issue a
patch, and in the meantime have made money from pushing your product
out the door first, before your competitors do.

And the people who suffered a loss because your insecure database
allowed their credit card details to be hacked sue you for punitive
damages. Their loss is a direct consequence of your sloppy security
design. How much money would that lose you? Bad security increases
some risks, including risks to the bottom line.

>
Rapid coding it's called.

It is also called sloppy security.

>
Without mentioning names, that's what Microsoft and other large
organizations have done or allegedly could have done, and if it's good
enough for MSFT, it's good enuf 4 me.

So you are still using the original crackable version of WEP then?
According to Wikipedia that time to crack is now down to a matter of
minutes.

rossum

>
RL

raylopez99 wrote:

On Jul 17, 5:41 am, "almu...@altavista.com" <almu...@altavista.com>
wrote:

[snip]

Another solution: use MSFT's Random() function, and don't worry about
it being of "crypto quality" --for most stuff it's OK, just use the
system clock to reseed it once in a while. Good enough for government
work.

RL

That's not a solution to the question when the OP specifically asks
about cryptographic quality random numbers.

raylopez99 wrote:

On Jul 17, 2:02 pm, Jon Skeet [C# MVP] <sk...@pobox.comwrote:

>System.Random *isn't* sufficiently random for security purposes. The OP
explicitly said he wanted a "cryptographic quality" random number
generator - why would you recommend something which goes directly
against what is asked for?

Jon--Because nobody will ever know. If he codes using Random() and
uses a scrambler on his object code, how can you test to see if the
RNG is weak or not? Now I'm sure there's some specialized hardware
out there to do so, but as a practical matter nobody will ever find
out and even care. Worse case somebody finds out and you issue a
patch, and in the meantime have made money from pushing your product
out the door first, before your competitors do.

Highly unethical. :(

Todd

Jon Skeet [C# MVP] wrote:

On Jul 18, 10:50 am, raylopez99 <raylope...@yahoo.comwrote:

>>System.Random *isn't* sufficiently random for security purposes. The OP
explicitly said he wanted a "cryptographic quality" random number
generator - why would you recommend something which goes directly
against what is asked for?

Jon--Because nobody will ever know. If he codes using Random() and
uses a scrambler on his object code, how can you test to see if the
RNG is weak or not? Now I'm sure there's some specialized hardware
out there to do so, but as a practical matter nobody will ever find
out and even care. Worse case somebody finds out and you issue a
patch, and in the meantime have made money from pushing your product
out the door first, before your competitors do.

If the code has reached client machines, they can very easily find out
that he's using System.Random. Ever used Reflector? It not, try it.

>Rapid coding it's called.

In this case it's called *sloppy* coding. Deliberately using something
you know to be weak, despite a declared requirement for a
cryptographically strong random number generator is just sloppy -
particularly when the alternative is readily available.

It's not sloppy, it's lazy and unethical.

Todd