 |
AutoHotkey Community
Let's help each other out
|
| View previous topic :: View next topic |
| Author |
Message |
Laszlo
Joined: 14 Feb 2005
Posts: 4517
Location: Boulder, CO
|
 Posted: Wed Oct 24, 2007 10:49 pm Post subject: |
 |
|
| No, the last script was to demonstrate the fixed bits. You only need the GUID function from first post, and either RandR (for floating point random numbers) or RandI for random integers, also from the first post. |
|
| Back to top |
|
 |
Leon
Joined: 27 Aug 2007
Posts: 179
|
| Posted: Wed Oct 24, 2007 11:32 pm Post subject: |
|
|
@Laszlo
Thanks. I've edited the code to my needs and it seems to be working fine.
I get the following which looks fine
| Quote: | ed234b7cc39a849a41be48172e54f014
b13f45c20926a68c4ff9a9babeacc9d5
6234ee6a3b642aa749a6daf082dd45ca
946 1002 980 1051 962 991 1023 978 1049 1018 |
Could u please check my code below?
The lines commented with ;RandI were commented out as they are not necessary if using RandI instead of RandR - was I correct?
Also is there any advantage of RandR over RandI ?
| Code: | ;SetFormat float, 4.18 ;RandI
MsgBox % GUID()
MsgBox % GUID()
MsgBox % GUID()
;MsgBox % RandR() ;RandI
;MsgBox % RandR() ;RandI
;MsgBox % RandR() ;RandI
Loop 10000
{
f := RandI(0,9)
d%f% += 1
}
MsgBox %d0%`n%d1%`n%d2%`n%d3%`n%d4%`n%d5%`n%d6%`n%d7%`n%d8%`n%d9%`n
GUID()
{
format = %A_FormatInteger%
SetFormat Integer, Hex
VarSetCapacity(A,16)
DllCall("rpcrt4\UuidCreate","Str",A)
Address := &A
Loop 16
{
x := 256 + *Address
StringTrimLeft x, x, 3
h = %x%%h%
Address++
}
SetFormat Integer, %format%
Return h
}
RandI(min,max)
{
VarSetCapacity(A,16)
DllCall("rpcrt4\UuidCreate","Str",A)
Address := &A - 1
r = 0
Loop 8
r := (r + (*(Address+A_Index) ^ *(Address+A_Index+8)))/256.0
Return min + Floor(r*(max-min+1))
} |
Thanks for all your help |
|
| Back to top |
|
|
Laszlo
Joined: 14 Feb 2005
Posts: 4517
Location: Boulder, CO
|
| Posted: Wed Oct 24, 2007 11:50 pm Post subject: |
|
|
In AHK XOR is denoted by the caret symbol | Code: | | *(Address+A_Index) ^ *(Address+A_Index+8)) |
The code takes bytes eight positions apart and XOR them, behind the scenes. The result is used, it has no fixed bits any more. (The result of the last loop tells that in 10,000 random numbers between 0 and 9 there were 946 zeros, 1002 ones, 980 twos…)
The code you posted is OK. RandR and RandI are used for different purposes. If you need random integers, use the later one, if you need floating point random numbers, used the former one. |
|
| Back to top |
|
|
Leon
Joined: 27 Aug 2007
Posts: 179
|
| Posted: Thu Oct 25, 2007 12:25 am Post subject: |
|
|
Aha! the caret!!
So for the pupose of creating a random number to use as a hash key, I would be better to use RandI, right? |
|
| Back to top |
|
|
Laszlo
Joined: 14 Feb 2005
Posts: 4517
Location: Boulder, CO
|
| Posted: Thu Oct 25, 2007 12:56 am Post subject: |
|
|
| right |
|
| Back to top |
|
|
Leon
Joined: 27 Aug 2007
Posts: 179
|
| Posted: Thu Oct 25, 2007 1:07 am Post subject: |
|
|
| Quote: | | (The result of the last loop tells that in 10,000 random numbers between 0 and 9 there were 946 zeros, 1002 ones, 980 twos…) |
I guess these could almost be used as extra numbers for hashing.
But they are so similar would it be of any use to do so? |
|
| Back to top |
|
|
Laszlo
Joined: 14 Feb 2005
Posts: 4517
Location: Boulder, CO
|
| Posted: Thu Oct 25, 2007 1:56 am Post subject: |
|
|
| Of course, they are similar: these are the frequencies of random integers. If they are uniformly distributed, they should occur roughly the same number of times. It is actually a randomness test. If the deviation from the mean (1,000) is larger than 3σ (~100), we had a problem. Don’t use these numbers for other purposes: they are slow to generate and should be close together. |
|
| Back to top |
|
|
Leon
Joined: 27 Aug 2007
Posts: 179
|
| Posted: Thu Oct 25, 2007 2:19 am Post subject: |
|
|
I see.
So if I use the script below to generate a key for the purposes of hashing some unique info,
would it be worth including the randomness test in a such a system, combined with having the script check the difference between values (ie check randomness) and if they are not deemed random enough take alternative action (exit i assume)
Could including it for example, detect user interference (attempted hacking)?
Or are there also possible situations where a such a level of (inadequate) randomness could occur through no malicious intent by User?
| Code: | MsgBox % GUID()
GUID()
{
format = %A_FormatInteger%
SetFormat Integer, Hex
VarSetCapacity(A,16)
DllCall("rpcrt4\UuidCreate","Str",A)
Address := &A
Loop 16
{
x := 256 + *Address
StringTrimLeft x, x, 3
h = %x%%h%
Address++
}
SetFormat Integer, %format%
Return h
} |
|
|
| Back to top |
|
|
Laszlo
Joined: 14 Feb 2005
Posts: 4517
Location: Boulder, CO
|
| Posted: Thu Oct 25, 2007 3:21 am Post subject: |
|
|
This test was posted to prove the concept. You don’t need it. Either the GUID’s are good, or you should see an error returned from DllCall(“rpcrt4\UuidCreate”,”Str”,A). Either the ErroLevel or the return value is nonzero, non-empty.
It is possible that an attacker replaces the rpcrt4.dll in the target PC, and generates bad GUID’s. However, if he is not stupid, he would generate random looking ID’s, (something like a truncated multiple of the time), so such a simple randomness test would not catch him, but he has a pretty good idea about the generated number. I would not bother testing the GUID’s, only possible errors, like | Code: | ; ...
Result := DllCall(“rpcrt4\UuidCreate”,”Str”,A)
If (result or ErrorLevel)
MsgBox GUID is not supported
; ... |
With “generate a key for the purposes of hashing” you probably mean “a key for the purposes of encrypting”. These GUID’s can be good for crypto keys, but knowing nothing about the algorithm generating them, we cannot be sure. Some physical source of randomness could be safer.
Last edited by Laszlo on Thu Oct 25, 2007 6:18 am; edited 1 time in total |
|
| Back to top |
|
|
Laszlo
Joined: 14 Feb 2005
Posts: 4517
Location: Boulder, CO
|
| Posted: Thu Oct 25, 2007 3:44 am Post subject: |
|
|
Btw, for more recent AHK versions we can write the GUID function a little compacter | Code: | GUID() {
format = %A_FormatInteger%
SetFormat Integer, Hex
VarSetCapacity(A,16)
DllCall("rpcrt4\UuidCreate","Str",A)
Loop 16
h .= SubStr(256+NumGet(A,A_Index-1,"UChar"),-1)
SetFormat Integer, %format%
Return h
} |
|
|
| Back to top |
|
|
Leon
Joined: 27 Aug 2007
Posts: 179
|
| Posted: Thu Oct 25, 2007 4:00 am Post subject: |
|
|
Thanks for the more compact option.
| Quote: | | With “generate a key for the purposes of hashing” you probably mean “a key for the purposes of encrypting” |
Yes I'm not too sure of the terminology there, so to clarify, I would like to use the Processor ID (globally unique and available from any processor as far as I know - correct me if I'm wrong)
and have it "interact" with the GUID in order to "disguise" it so as not to be dealing with people's private info.
By interact, I'm not yet sure what I mean. I guess multiplication?
Although that seems very simple.
Would it be better to use a method like the (K0, K1 etc) keys from your "SW copy protection" thread? |
|
| Back to top |
|
|
Leon
Joined: 27 Aug 2007
Posts: 179
|
| Posted: Thu Oct 25, 2007 4:05 am Post subject: |
|
|
| Laszlo wrote: | I would not bother testing the GUID’s, only possible errors, like | Code: | ; ...
Result = DllCall(“rpcrt4\UuidCreate”,”Str”,A)
If (result or ErrorLevel)
MsgBox GUID is not supported
; ... |
|
So it is possible for that to happen then - for GUIDs to not be supported? (only concerned with XP or later)
If so, do u have any experience / guess as to how likley /frequent that could happen? |
|
| Back to top |
|
|
Laszlo
Joined: 14 Feb 2005
Posts: 4517
Location: Boulder, CO
|
| Posted: Thu Oct 25, 2007 4:13 am Post subject: |
|
|
I think it would not happen in XP, 2003 or Vista.
...and here is an even shorter version, w/o the likely unnecessary error check: | Code: | GUID() {
VarSetCapacity(A,16), S := "12"
DllCall("rpcrt4\UuidCreate","Str",A)
Loop 16
DllCall("msvcrt\sprintf", Str,S, Str,"%02x", "Uchar",*(&A+A_Index-1)), h .= S
Return h
} |
|
|
| Back to top |
|
|
Leon
Joined: 27 Aug 2007
Posts: 179
|
| Posted: Thu Oct 25, 2007 4:40 am Post subject: |
|
|
Thanks a lot Laszlo.
As a test i added the error check to the shortest code, but I got "GUID not supported". I have commented the various places i tried adding the error checking code.
Purely so I learn... where I am i wrong here?
| Code: | ;HERE
GUID() {
VarSetCapacity(A,16), S := "12"
DllCall("rpcrt4\UuidCreate","Str",A)
Result = DllCall(“rpcrt4\UuidCreate”,”Str”,A)
;HERE
Loop 16
DllCall("msvcrt\sprintf", Str,S, Str,"%02x", "Uchar",*(&A+A_Index-1)), h .= S
Return h
}
MsgBox % GUID()
;HERE |
|
|
| Back to top |
|
|
Laszlo
Joined: 14 Feb 2005
Posts: 4517
Location: Boulder, CO
|
| Posted: Thu Oct 25, 2007 6:20 am Post subject: |
|
|
Sorry, there was a typo in the error check. We need ":=", not "=". | Code: | GUID() {
VarSetCapacity(A,16), S := "12"
DllCall("rpcrt4\UuidCreate","Str",A)
Result := DllCall("rpcrt4\UuidCreate","Str",A)
If (result or ErrorLevel)
MsgBox % GUID is not supported
Loop 16
DllCall("msvcrt\sprintf", Str,S, Str,"%02x", "Uchar",*(&A+A_Index-1)), h .= S
Return h
} |
|
|
| Back to top |
|
|
|
|
You can post new topics in this forum
You can reply to topics in this forum
|
Powered by phpBB © 2001, 2005 phpBB Group
|
FAQ
Search
Memberlist
Register
Profile
Log in to check your private messages
Log in
