Once upon a time, this (XOR encryption):

http://www.cplusplus.com/forum/lounge/60149/

Ever since I started that thread, I was wondering about whether or not to translate the utility into C++11 and post it as an article.

What stopped me back then was that the *random* library in GCC was incomplete.

What stops me now is that I'm unsure if PRNG's can be trusted to do a job as good as "true" RNG's. What's worse, *one does not simply* securely store the one-time pad information on a computer.

What do you think about all of this?

http://www.boost.org/doc/libs/1_53_0/doc/html/boost/random/random_device.html

?

I'd love to see the article...

boost wrote:

> It uses one or more implementation-defined stochastic processes to generate a sequence of uniformly distributed non-deterministic random numbers

I'm confused. How can a non-deterministic RNG be uniformly distributed? Aren't those mutually exclusive?

I think you're confusing the probability distribution with the actual distribution of a finite number of samples. An ideal coin is both truly random and uniformly distributed, but it's possible to encounter a different number of heads and tails after a finite number of tosses. The uniformity merely implies that heads(n)/tails(n) tends to 1 as n tends to ∞.

True, for this case I guess either library is adequate. Boost just has some better (very) long period deterministic generators. I'm not so clear on why the whole of that boost library was not included into C++11...

The question remains (and perhaps I should have made it clearer in the first post) how secure would it be, cryptographically, for a program to use the C++11 *random* library to generate one-time pads?

That's the basis of the XOR encryptor: for any file to be encrypted generate a file of exactly the same size filled with "random" data then XOR them to create the "ciphertext", if you will.

I'm trying to understand if I would be lying to readers by claiming that the method is *secure*. (Obviously side channel attacks and snooping are a different topic.)

No, it is not secure.

One-time pads work when the attacker cannot easily find or *generate* the pad text. Using common PRNGs defeats that.

Of course, they are also secure when the attacker has no idea how the pad is obtained... but a PRNG can be broken.

Back to the movie.
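
The point made in the reply above, as an added C++11 example that is not part of the thread or of the original utility: a pad filled from `std::mt19937` is reproducible from its seed alone, so the secret is the seed and not the pad file, while a pad filled from `std::random_device` has no seed to regenerate it from. The function names and sample message are hypothetical.

```cpp
#include <cstddef>
#include <cstdint>
#include <iostream>
#include <random>
#include <vector>

using Bytes = std::vector<std::uint8_t>;

// Pad from a deterministic engine: every byte is a function of `seed`,
// so the effective key is the 32-bit seed, however long the pad is.
Bytes prng_pad(std::uint32_t seed, std::size_t n) {
    std::mt19937 engine(seed);
    Bytes pad(n);
    for (auto& b : pad) b = static_cast<std::uint8_t>(engine() & 0xFF);
    return pad;
}

// Pad drawn from std::random_device. The source is implementation-defined,
// and the standard lets an implementation fall back to a pseudo-random
// engine, so check what your platform actually provides.
Bytes device_pad(std::size_t n) {
    std::random_device rd;
    Bytes pad(n);
    for (auto& b : pad) b = static_cast<std::uint8_t>(rd() & 0xFF);
    return pad;
}

// XOR is its own inverse, so this both encrypts and decrypts.
// pad.at() throws std::out_of_range if the pad is shorter than the data.
Bytes xor_bytes(const Bytes& data, const Bytes& pad) {
    Bytes out(data.size());
    for (std::size_t i = 0; i < data.size(); ++i)
        out[i] = static_cast<std::uint8_t>(data[i] ^ pad.at(i));
    return out;
}

// True when someone holding only the seed (never the pad file) can decrypt.
bool seed_alone_decrypts(const Bytes& plain, std::uint32_t seed) {
    Bytes cipher = xor_bytes(plain, prng_pad(seed, plain.size()));
    Bytes regenerated = prng_pad(seed, plain.size());
    return xor_bytes(cipher, regenerated) == plain;
}

int main() {
    Bytes msg = {'h', 'e', 'l', 'l', 'o'};  // constructed sample plaintext
    std::cout << "seed alone decrypts: " << seed_alone_decrypts(msg, 2013u) << '\n';
    Bytes pad = device_pad(msg.size());
    std::cout << "device pad round trip: " << (xor_bytes(xor_bytes(msg, pad), pad) == msg) << '\n';
}
```
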
