#include <FXSecure.h>
For cryptographic work, a source of good randomness is essential. On modern Unices, /dev/urandom
does the job but on Windows there is no such facility. This class fixes this problem portably.
On Linux or BSD/MacOS X, it just uses /dev/urandom
. On Windows NT, it creates randomness from the following sources:
/dev/urandom
. If the attacker has an intercept directly on the network connection of the secure machine, they could probably guess the network i/o counter & machine uptime - however in today's modern computer installations, disc i/o is relatively unconnected with server load as various individual processes and the swap file interact with the system. To add a further system-dependent randomness, the salt is the average disc queue length (how much latency between asking for a read or write and the disc actually doing it), average time per transfer plus the percentage of time the system is currently spending doing disc activity. Since these figures depend greatly on the specification of your hard drive model and its connection to your motherboard's bus (never mind driver design), this should provide adequate saltiness.This data is all written into a 8192+8 bit ring buffer by a background thread started with the process. Only changed bits are stored as so to encourage entropy density and where no activity took place, nothing is stored. The +8 in case you were wondering is because data reads are usually a power of two (eg; 256, 512, 1024 bit) and the extra byte causes a byte stipple per revolution through the ring buffer.
Lastly, because it takes some time to read 8192+8 bits of this kind of randomness especially on a machine doing no i/o at all, the ring buffer is actually placed in shared memory so that a new process can immediately get to work. If random data is requested just after startup and it must first be read, reads will block until the requested quantity of random data is available.
Static Public Member Functions | |
static FXuval | readBlock (FXuchar *buffer, FXuval length) |
static FXuval | size () |
static FXuval FX::Secure::Randomness::readBlock | ( | FXuchar * | buffer, | |
FXuval | length | |||
) | [static] |
Reads up to 1024 bytes (8192 bits) of randomness. Blocks until sufficient random data is available if necessary
static FXuval FX::Secure::Randomness::size | ( | ) | [static] |
Returns how much randomness is already available.