AutoHotkey Community

I thought TEA was fairly broken? Do it's faults not apply to this use?
Speaking of which, is there any way to drop fresh entropy -- e.g. GUID output -- into the internal state of the built-in RNG? I was reading some of your archive posts about the twister's poor applicability for security.

Thanks,
Shawn

The XTEA version posted in the Forum is not broken, but it is not as secure AES. TEA's advantages are its speed, small footprint and the flexibility in the number of rounds, which allows tuning it to your security requirements. There are even faster and similarly secure alternatives.

The difficulty with the Mersenne Twister, built in AHK is that its large table is initialized with a Linear Congruential Generator. If you re-seed it often, you degrade the randomness to that of the LCG. If you don't re-seed it, the simple twister algorithm can be inverted, the seed guessed. Maybe the best is to use a few different simple, fast pseudorandom number generators, and add/XOR their results. The seeds could be derived from a couple of GUID's, not the AHK's default tick count alone, which does not provide enough entropy.

So how about using the GUID / XTEA + builtin random() ? e.g.:


thoughts? I figure 99% of the time we're just adding overhead of three extra math operations & a user function call versus just using builtin random() directly, but getting the benefit of less predicable numbers coming out of the twister.

The differences between consecutive random numbers generated this way are (roughly) the same as the differences of the random numbers generated by the built in generator, most of the time, therefore there is practically no security. Generating secure random numbers is not easy, and these speedups usually turn out bad.

Hi Laszlo,

what is the function to get
GUID of a PC
that was created by some other tool ?

The Windows GUID is different at each call. If the other application does not tell what it got, there is no way to discover that old instance of the GUID.

it was created with delphi:
CoCreateGUID(guid)
and then converted to string

can it help ?

The Delphi program can write its GUID to disk, and you can read it from there (or from the registry, or sent as a parameter of a Windows message, etc.).

how I can read it with ahk ?

It depends to where and how it is written

hi laslo,

I need to get uinque ID of client PC

how I can define some simple own GUID , for first time if it's not defined
and if defined get it's value ?

These are random looking numbers, always different when you generate them. It does not matter if they are generated in the client machine or in your own. You probably want a secure fingerprint of the client, which is also a random looking number, but when generated repeatedly it remains the same until the PC configuration changes. See here.

Hi Laszlo,
will the unique PC number (as GUID or yours) will not be copied with
image pc copy to other PC (or server)?, means bit to bit copy.

so :
the new PC (copied with image copy) will not have the origin unique-PC-number ?

rani