In some email I received from Perry E. Metzger, Sie wrote:
From: yanek@novavax.nova.edu (Yanek Martinson)
How about using ps -laxww as a source of randomness?
It's a rather bad source. Operations of a computer system are surprisingly low on entropy. I'd guess that, if I needed to and had enough resources, I could break such a generator without more than a few months' work, and even get the system to break it semi-automatically.
No one here seems to think in terms of cryptanalysis and how people do it when they come up with their schemes.
Well, whenever I try to come up with some nifty crypto scheme, I always seem to think it is too easy to break if you know it's being used, but then I don't like doing too much 'expensive' crypting, and I usually find some cheap algo which uses a more expensive one for key trading.

Has anyone tried using the microsecond counter from unix as a random source? It's obviously *not* going to be good if you want a continuous stream of random numbers, but if you need them just 'every now and then', what about it? Something like this would be used:

    #include <sys/time.h>   /* struct timeval, gettimeofday() */

    struct timeval tv;
    long rand;
    ...
    gettimeofday(&tv, NULL);
    /* microseconds within the current second plus seconds since the epoch */
    rand = tv.tv_usec + tv.tv_sec;
    ...

Very unlikely to get a duplicate, esp. if you don't need the number more often than 1 per second.

darren
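The following is an added example, not code from the thread. It measures how much unpredictability the `tv_usec + tv_sec` sum can hold when the time of the call is known to within a window. The function names and the timestamp are constructed for illustration.

```c
#include <stdio.h>

#define USEC_PER_SEC 1000000L

/* The value from the message above: seconds and microseconds added together. */
long mix(long sec, long usec) { return sec + usec; }

/* Distinct outputs possible when the call time lies in [t0, t0 + window_secs):
 * the sums span t0 .. t0 + (window_secs - 1) + 999999, whatever t0 is. */
long distinct_outputs(long window_secs) {
    return window_secs - 1 + USEC_PER_SEC;
}

/* Upper bound on entropy in bits: smallest b with 2^b >= n. */
int bits_needed(long n) {
    int b = 0;
    while ((1L << b) < n) b++;
    return b;
}

/* Number of (sec, usec) timestamps inside the window that give the same sum.
 * Moving one second later and one microsecond earlier leaves the sum unchanged. */
long colliding_timestamps(long value, long t0, long window_secs) {
    long hits = 0;
    for (long s = t0; s < t0 + window_secs; s++) {
        long usec = value - s;
        if (usec >= 0 && usec < USEC_PER_SEC) hits++;
    }
    return hits;
}

int main(void) {
    long t0 = 750000000L;               /* constructed timestamp (assumption) */
    long v = mix(t0 + 30, 500000L);     /* one sample output inside the window */
    long windows[] = { 1, 60, 3600, 86400 };
    for (int i = 0; i < 4; i++) {
        long n = distinct_outputs(windows[i]);
        printf("window %6ld s: %8ld outputs, <= %d bits\n",
               windows[i], n, bits_needed(n));
    }
    printf("timestamps in a 60 s window giving %ld: %ld\n",
           v, colliding_timestamps(v, t0, 60));
    return 0;
}
```

The addition folds the seconds field into the microsecond range, so the output never carries more than about 20 bits however wide the window is, and that is before accounting for clock granularity coarser than one microsecond.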