greynite
Joined: 17 May 2008 Posts: 32 Location: Dallas, TX
Posted: Fri Jan 02, 2009 8:44 am Post subject:
| Laszlo wrote: | Yes, you can do that. TEA is even faster |
I thought TEA was fairly broken? Do its faults not apply to this use?
| Quote: | Keep in mind that AHK's built in random number generator is two orders of magnitude faster, so only use ciphers for secure random numbers, for higher quality requirements. |
Speaking of which, is there any way to drop fresh entropy -- e.g. GUID output -- into the internal state of the built-in RNG? I was reading some of your archive posts about the twister's poor applicability for security.
Thanks,
Shawn |

Laszlo
Joined: 14 Feb 2005 Posts: 4514 Location: Boulder, CO
Posted: Fri Jan 02, 2009 3:15 pm Post subject:
The XTEA version posted in the Forum is not broken, but it is not as secure as AES. TEA's advantages are its speed, small footprint and the flexibility in the number of rounds, which allows tuning it to your security requirements. There are even faster and similarly secure alternatives.
The difficulty with the Mersenne Twister built into AHK is that its large table is initialized with a Linear Congruential Generator. If you re-seed it often, you degrade the randomness to that of the LCG. If you don't re-seed it, the simple twister algorithm can be inverted, the seed guessed. Maybe the best is to use a few different simple, fast pseudorandom number generators, and add/XOR their results. The seeds could be derived from a couple of GUIDs, not the AHK's default tick count alone, which does not provide enough entropy. |

greynite
Joined: 17 May 2008 Posts: 32 Location: Dallas, TX
Posted: Wed Jan 28, 2009 5:26 am Post subject:
| Laszlo wrote: | The XTEA version posted in the Forum is not broken[..]
The difficulty with the Mersenne Twister built into AHK is that its large table is initialized with a Linear Congruential Generator. If you re-seed it often, you degrade the randomness to that of the LCG. If you don't re-seed it, the simple twister algorithm can be inverted, the seed guessed. Maybe the best is to use a few different simple, fast pseudorandom number generators, and add/XOR their results. The seeds could be derived from a couple of GUIDs, not the AHK's default tick count alone, which does not provide enough entropy. |
So how about using the GUID / XTEA + builtin random()? E.g.:
| Code: |
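TRandom()
{
   static tweak, rounds      ; keep the tweak and the countdown between calls
   if (not rounds) {
      tweak := GUIDRandom()  ; fresh offset from the GUID / XTEA generator every 100 calls
      rounds := 100
   }
   rounds -= 1
   ; random() is assumed to wrap the built-in Random command and return a float in [0,1)
   return Mod( tweak + random(), 1.0 )
}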
|
Thoughts? I figure 99% of the time we're just adding overhead of three extra math operations & a user function call versus just using builtin random() directly, but getting the benefit of less predictable numbers coming out of the twister. |

Laszlo
Joined: 14 Feb 2005 Posts: 4514 Location: Boulder, CO
Posted: Wed Jan 28, 2009 7:32 am Post subject:
| The differences between consecutive random numbers generated this way are (roughly) the same as the differences of the random numbers generated by the built in generator, most of the time, therefore there is practically no security. Generating secure random numbers is not easy, and these speedups usually turn out bad. |
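
The point about consecutive differences, as an added Python example (not code from the thread): it models TRandom() and counts how many differences of its output are identical to those of the underlying generator. Assumptions: Python's `random.Random` (also a Mersenne Twister) stands in for AHK's built-in generator, `secrets.SystemRandom` stands in for GUIDRandom(), and the seed is constructed.

```python
import random
import secrets

WINDOW = 100  # calls per tweak, as in the TRandom() sketch

def trandom_stream(rng, n, fresh_tweak):
    """Model TRandom(): (tweak + rng.random()) mod 1, new tweak every WINDOW calls.
    Returns (outputs, raw) where raw is what the underlying generator produced."""
    outputs, raw, tweak = [], [], 0.0
    for i in range(n):
        if i % WINDOW == 0:
            tweak = fresh_tweak()
        r = rng.random()
        raw.append(r)
        outputs.append((tweak + r) % 1.0)
    return outputs, raw

def diffs_mod1(xs):
    """Consecutive differences, reduced modulo 1."""
    return [(b - a) % 1.0 for a, b in zip(xs, xs[1:])]

def circ_dist(a, b):
    """Distance between two values on the unit circle (0 and 1 coincide)."""
    d = abs(a - b) % 1.0
    return min(d, 1.0 - d)

def count_matching_differences(n=1000, tol=1e-9):
    """How many consecutive differences of the tweaked output equal those of the
    raw generator. Returns (matching, total)."""
    rng = random.Random(12345)             # constructed seed, stands in for AHK's twister
    tweak_source = secrets.SystemRandom()  # assumption: stands in for GUIDRandom()
    out, raw = trandom_stream(rng, n, tweak_source.random)
    pairs = zip(diffs_mod1(out), diffs_mod1(raw))
    return sum(circ_dist(a, b) < tol for a, b in pairs), n - 1

def secure_random():
    """Contrast (assumption: OS CSPRNG rather than the thread's XTEA generator):
    every value comes from a secure source, not just an occasional offset."""
    return secrets.SystemRandom().random()

if __name__ == "__main__":
    same, total = count_matching_differences()
    print(f"{same} of {total} differences are identical to the raw generator's")
```

Only the differences that straddle a tweak change differ; inside each 100-call window the tweak cancels out, so the output carries the built-in generator's structure unchanged.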

rani
Joined: 18 Mar 2008 Posts: 144
Posted: Tue Apr 21, 2009 4:34 pm Post subject: get GUID in PC
Hi Laszlo,
what is the function to get the GUID of a PC that was created by some other tool? |

Laszlo
Joined: 14 Feb 2005 Posts: 4514 Location: Boulder, CO
Posted: Tue Apr 21, 2009 7:06 pm Post subject:
| The Windows GUID is different at each call. If the other application does not tell what it got, there is no way to discover that old instance of the GUID. |

rani
Joined: 18 Mar 2008 Posts: 144
Posted: Wed Apr 22, 2009 6:37 am Post subject:
It was created with Delphi:
CoCreateGUID(guid)
and then converted to a string.
Can it help? |

Laszlo
Joined: 14 Feb 2005 Posts: 4514 Location: Boulder, CO
Posted: Wed Apr 22, 2009 6:50 am Post subject:
| The Delphi program can write its GUID to disk, and you can read it from there (or from the registry, or sent as a parameter of a Windows message, etc.). |

rani
Joined: 18 Mar 2008 Posts: 144
Posted: Wed Apr 22, 2009 12:38 pm Post subject:
| How can I read it with AHK? |

Laszlo
Joined: 14 Feb 2005 Posts: 4514 Location: Boulder, CO
Posted: Wed Apr 22, 2009 3:59 pm Post subject:
| It depends on where and how it is written. |

rani
Joined: 18 Mar 2008 Posts: 144
Posted: Sat May 02, 2009 5:08 pm Post subject:
Hi Laszlo,
I need to get a unique ID of the client PC.
How can I define some simple GUID of my own, for the first time if it's not defined,
and if defined get its value? |

Laszlo
Joined: 14 Feb 2005 Posts: 4514 Location: Boulder, CO
Posted: Sat May 02, 2009 5:16 pm Post subject:
| These are random looking numbers, always different when you generate them. It does not matter if they are generated in the client machine or in your own. You probably want a secure fingerprint of the client, which is also a random looking number, but when generated repeatedly it remains the same until the PC configuration changes. See here. |