How can I obtain prng_state for sprng?


Damon H. (TheDcoder)

May 7, 2019, 2:13:52 PM
to lib...@googlegroups.com
Hello everyone,

Sorry about the simple question but I am not very experienced with
cryptography or using cryptographic libraries for that matter. I have
decided to use LibTomCrypt for some cryptographic operations in my
program, the hash functions are great! Much better than the ones
supplied with OpenSSL :)

Now I am attempting to use a salt made up of random data. I came across
the sprng random number generator; the documentation mentions that it
doesn't need initialization, so I am assuming that I can directly use
the sprng_read function to get some secure random bytes, but it requires
a prng_state which I am not sure how to obtain :-/

Can anyone point me in the right direction? I tried a lot of reading but
there is something that I am missing, and being new to all of this isn't
helping...

Thanks in advance!

Regards,
Damon H.

Damon H. (TheDcoder)

May 7, 2019, 2:39:42 PM
to lib...@googlegroups.com

I actually tried an experiment and found out that the prng parameter is not used at all; I peeked into the source code to find this out... so for now NULL works great, but I am not sure how good it is at security. I need to do more reading to find that out, I guess.

Steffen Jaeckel

May 10, 2019, 6:30:32 AM
to lib...@googlegroups.com, Damon H. (TheDcoder)
On 5/7/19 8:39 PM, Damon H. (TheDcoder) wrote:
> I actually tried an experiment and found out that the prng parameter is
> not used at all, I peeked into the source code
> <https://github.com/libtom/libtomcrypt/blob/e8afa13d5c19d2757ff56537d34802c1dad2c507/src/prngs/sprng.c#L84>
Hi Damon,

passing NULL as state is perfectly fine as the sprng simply reads from
the RNG of your system so it doesn't need to have state.

Cheers,
Steffen

--
Steffen Jaeckel - s_ja...@gmx.de
GnuPG fingerprint: C438 6A23 7ED4 3A47 5541 B942 7B2C D0DD 4BCF F59B
My OTR key has changed on 30. Sept. 2015!
jabber: jae...@jabber.ccc.de 93BA97FA F3702AB7 DCBEB7C7 291DB383 284996CB

Damon H. (TheDcoder)

May 10, 2019, 1:34:51 PM
to lib...@googlegroups.com
Hello Steffen,

Thank you for the reply, I have now understood how the sprng functions
work. Still I am not really sure about the distinction between rng and
sprng since the latter just seems to be wrapping the former? But I am
sure I'll figure it out some day in the future as I continue working with
LibTomCrypt :)

Regards,
Damon H. (TheDcoder)

P.S I made a mistake and hit the wrong "Reply" button and my original
reply was directly sent to Steffen. I apologize for the mistake, I am
not familiar with mailing lists and even less familiar with choosing the
right "Reply" option as I almost never reply to group emails.

Steffen Jaeckel

May 10, 2019, 7:03:25 PM
to lib...@googlegroups.com, Damon H. (TheDcoder)
Hi Damon,

On 5/10/19 7:34 PM, Damon H. (TheDcoder) wrote:
> Hello Steffen,
>
> Thank you for the reply, I have now understood how the sprng functions
> work. Still I am not really sure about the distinction between rng and
> sprng since the latter just seems to be wrapping the former? But I am
> sure I'll figure it out some day in the future as I continue working with
> LibTomCrypt :)

you're welcome.

The sprng reads from your OS provider of random data which ensures that
it's always returning random data.

All the other PRNGs in the library are simply "an implementation of the
specific PRNG", which means that after initialization they have a
pre-defined state and are not random at all, but they can be seeded with
real random data so their output will also be random.

You should probably read up on it on Wikipedia [2] and the PRNG chapter 9
of the libtomcrypt developer manual [3].


> P.S I made a mistake and hit the wrong "Reply" button and my original
> reply was directly sent to Steffen. I apologize for the mistake, I am
> not familiar with mailing lists and even less familiar with choosing the
> right "Reply" option as I almost never reply to group emails.

no worries :-)


Cheers,
Steffen

[1] https://github.com/libtom/libtomcrypt/blob/develop/src/prngs/rng_get_bytes.c
[2] https://en.wikipedia.org/wiki/Pseudorandom_number_generator
[3] https://github.com/libtom/libtomcrypt/releases/download/v1.18.2/crypt-1.18.2.pdf
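An added example, not code from the thread or from LibTomCrypt itself, showing the salt generation Steffen describes: `sprng_read()` with a `NULL` prng_state, with the check the thread does not mention, namely that the call returned the full length (it returns the number of bytes actually read, and rng_get_bytes can deliver fewer than requested). When `tomcrypt.h` is not available the fallback reads `/dev/urandom` directly, which is the Unix path rng_get_bytes takes; the `get_salt`/`salts_differ` names and the 16-byte length are this example's assumptions.

```c
/* Added example: fetch a random salt via the stateless sprng and fail closed
 * on a short read.  Without LibTomCrypt installed, the fallback reads the
 * OS RNG directly, mirroring what sprng's rng_get_bytes() does on Unix. */
#include <stdio.h>
#include <string.h>

#if defined(__has_include)
#  if __has_include(<tomcrypt.h>)
#    include <tomcrypt.h>
#    define HAVE_TOMCRYPT 1
#  endif
#endif

#define SALT_LEN 16   /* assumed salt size for this example */

/* Returns 1 when out[] is fully filled with OS randomness, 0 otherwise.
 * On failure the buffer is zeroed so a partial salt is never used. */
int get_salt(unsigned char *out, unsigned long len)
{
    unsigned long got = 0;
#ifdef HAVE_TOMCRYPT
    /* sprng keeps no state, so NULL is passed as prng_state (see thread). */
    got = sprng_read(out, len, NULL);
#else
    FILE *f = fopen("/dev/urandom", "rb");      /* fallback: OS RNG directly */
    if (f == NULL) return 0;
    got = (unsigned long)fread(out, 1, len, f);
    fclose(f);
#endif
    if (got != len) {
        memset(out, 0, len);
        return 0;
    }
    return 1;
}

/* Sanity check: two independent draws must succeed and must not match. */
int salts_differ(void)
{
    unsigned char a[SALT_LEN], b[SALT_LEN];
    if (!get_salt(a, SALT_LEN) || !get_salt(b, SALT_LEN)) return 0;
    return memcmp(a, b, SALT_LEN) != 0;
}

int main(void)
{
    unsigned char salt[SALT_LEN];
    if (!get_salt(salt, SALT_LEN)) { fprintf(stderr, "RNG failure\n"); return 1; }
    for (int i = 0; i < SALT_LEN; i++) printf("%02x", salt[i]);
    printf("\n");
    return 0;
}
```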