ProgrammingThis forum is for all programming questions.
The question does not have to be directly related to Linux and any language is fair game.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
ok, I've got random number and letter generation working. Is there a way to set the seed to register as a more precise time? When I try to loop the program, it just repeats the same number and letter, I'm assuming because the seed is set to register a change too slowly. Suggestions?
Where is your srand() call? In the code you had previously, it was in the same function that returned the number (i.e. srand() reinitialized the seed each time you got a new number). You only need to call it once at the start of the program. If you've already done that, then I'm not sure... would have to see more code.
oh, that might be it. How often does the seed change when srand() is based off of time? I don't have my code with me, I'll have to check when I go home. If I call srand() at the beginning, will it work in the functions and stuff too?
random numbers are essentially a list of numbers the seed positions yourself in a specific point in that list. What that means is that if you call srand with the same number you will be able to repeat the sequence of "random" numbers. This can be useful when testing and repeating specific test cases. However you typically want different numbers each time the program is run which is why srand is often called with a the time being passed into it. If between invocations of srand the time difference is small then there is a chance that the seed will go to the same point in the list, hence giving you the same sequence of numbers.
As Dark Helmet said you only need to call it once in your program.
duh! Of course, thank you.That works now. Thanks again. How "cryptographically secure" is this method? Is there a more secure way to do this? Basically the point is to write a password generator.
Sorry don't get me wrong your algorithm does work, it's just that it relies on integer overflow {10 * rand()} and implicit typecasting {int/(int+double)}. Whereas the method I used achieves the same end result, it requires less instructions and is the common way to do it, which means that it is easier for others to understand.
oh, ok. So you're way is more proper. That makes sense. How about the "cryptographic security" of what I'm trying to do? It's intended as a password generator, and thus, should be as secure as possible. Other suggestions?
also, using your way, is there any reason I need to pass parameters to the function? Could I just specify the limits in the function, as opposed to passing the parameter?
EDIT: Actually, I found a reason for it. I needed to use the function in more than one place, thanks.
Last edited by microsoft/linux; 05-03-2006 at 06:32 PM.
If the person knows when the password was generated (to the second) then it could be compromised. Using gettimeofday() would make that harder because it get the time in microseconds.
But an easy way to counter it would be to create a password file. You generate say 100 passwords and store them in a secure file, when you need a new password you randomly select one from the file replace it with a newly generated password and return the "old" password. That is (of course) is only as secure as your file!
Another approach would be to generate 10 or so passwords, reset the seed and select one from the list. Again if you use gettimeofday() to seed the random number generator that would make it harder to crack.
Of course if the person who has the password writes it on a stickly note and attaches it to their computer screen...
well, right, but there's nothing I can do about the person being stupid with their passwords. How does having a password file make something more secure? I'll use gettimeofday() instead, more precise is better. Thanks for all of your help.
Which include statement do I need for gettimeofday()?
Last edited by microsoft/linux; 05-03-2006 at 07:27 PM.
How does having a password file make something more secure?
Just that you don't use the password that you generate at that time but one that was generated much earlier, so even if the person was able to guess the time that the password was generated that wouldn't help. But as I said if the password file is compromised then you are in trouble.
As an aside the security is not just the password but also what you do when someone fails to provide the correct password. Do you lock them out (I'd hope so), if so after how many attempts? How can someone get back in?
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.