OWASP / phpsec

OWASP PHP Security Project - THIS PROJECT IS INACTIVE AND MAY CONTAIN SECURITY FLAWS

Modification in Rand::randstr() function required #89

Closed mebjas closed 10 years ago

mebjas commented 10 years ago

As mentioned by @SvenRtbg, currently the Rand::randstr() function can generate a random string of at most 128 characters, so the function should throw an exception if it cannot fulfill the programmer's request for 1024 (or any number > 128) random characters. Also it should be mentioned in the documentation.

mebjas commented 10 years ago

As an alternative to throwing an exception, we can maintain a character limit, and whenever the function is called check if the requested length is greater than that limit; if yes, return a hash of the length of the limit. And mention the max limit in the documentation.

MysterAitch commented 10 years ago

Why throw an exception/have a limit? Could we not, instead, fulfil requests for longer random strings?

I am not qualified to recommend any particular crypto method, but one method that comes to mind is concatenating several 128-length random strings up to the requested length.

abiusx commented 10 years ago

Concatenating random strings introduces no more entropy, as by having the first random string, an attacker can generate the rest simply by setting the generator's state. A generator can create as much randomness as its size; the rest is deterministic. -A


mebjas commented 10 years ago

I had one idea; I'm not very sure if that's good. Suppose we are to generate a 256 character random string & our random generator function is capable of generating a maximum 128 character random string! So we create two such hashes & merge them in random fashion like: "abcd" + "wxyz" = "ayxbzcdw"

wouldn't this be a safe method of creating a random string of any length?

abiusx commented 10 years ago

No. The second random is deterministic by having the first. -A

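Added example (not code from the phpsec project) that makes the two replies above concrete: a hypothetical bounded generator with an 8-bit state is enumerated over every state it can be in, and both the concatenation and the interleaving proposals produce 256-character strings that still carry only 8 bits of entropy, while a string drawn from the OS CSPRNG has no such ceiling. The toy generator, its state size and the alternating merge are assumptions for illustration only.

```python
import hashlib
import math
import secrets
import string

ALPHABET = string.ascii_letters + string.digits   # 62 symbols
BLOCK = 128  # per-call ceiling of the bounded generator, as in the thread


def bounded_randstr(state: int, state_bits: int) -> tuple:
    """Hypothetical stand-in for a randstr() whose only secret is a
    state_bits-bit state. Each call yields 128 characters and advances the
    state deterministically (SHA-256 chain, for illustration only)."""
    seed = state.to_bytes((state_bits + 7) // 8, "big")
    chars, ctr = [], 0
    while len(chars) < BLOCK:
        digest = hashlib.sha256(seed + ctr.to_bytes(4, "big")).digest()
        chars.extend(ALPHABET[b % len(ALPHABET)] for b in digest)
        ctr += 1
    nxt = hashlib.sha256(b"next" + seed).digest()[: (state_bits + 7) // 8]
    return "".join(chars[:BLOCK]), int.from_bytes(nxt, "big")


def concat_256(seed: int, bits: int) -> str:
    """The 'concatenate two 128-character calls' proposal."""
    a, s1 = bounded_randstr(seed, bits)
    b, _ = bounded_randstr(s1, bits)
    return a + b


def interleave_256(seed: int, bits: int) -> str:
    """The 'merge the two blocks' proposal. An alternating merge is used here;
    any fixed or generator-driven merge is still a function of the same state."""
    a, s1 = bounded_randstr(seed, bits)
    b, _ = bounded_randstr(s1, bits)
    return "".join(x + y for x, y in zip(a, b))


def entropy_bits(scheme, bits: int = 8) -> float:
    """Enumerate every possible state and count the distinct strings the
    scheme can emit; log2 of that count is the string's real entropy,
    however long the string is."""
    outputs = {scheme(s, bits) for s in range(2 ** bits)}
    return math.log2(len(outputs))


def secure_randstr(length: int) -> str:
    """Proper fix: draw each character from the OS CSPRNG, so any length is
    fine, and refuse an invalid request instead of returning something else."""
    if length <= 0:
        raise ValueError("length must be positive")
    return "".join(secrets.choice(ALPHABET) for _ in range(length))
```

With the 8-bit toy state, entropy_bits() returns 8.0 for the single 128-character block, for the 256-character concatenation and for the 256-character interleave alike: the length grew, the entropy did not.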