data type errors

microsoft/linux · 05-02-2006, 10:26 PM

ok, I've got random number and letter generation working. Is there a way to set the seed to register as a more precise time? When I try to loop the program, it just repeats the same number and letter, I'm assuming because the seed is set to register a change too slowly. Suggestions?

Dark_Helmet · 05-02-2006, 10:54 PM

Where is your srand() call? In the code you had previously, it was in the same function that returned the number (i.e. srand() reinitialized the seed each time you got a new number). You only need to call it once at the start of the program. If you've already done that, then I'm not sure... would have to see more code.

microsoft/linux · 05-03-2006, 09:15 AM

oh, that might be it. How often does the seed change when srand() is based off of time? I don't have my code with me, I'll have to check when I go home. If I call srand() at the beginning, will it work in the functions and stuff too?

graemef · 05-03-2006, 09:41 AM

random numbers are essentially a list of numbers the seed positions yourself in a specific point in that list. What that means is that if you call srand with the same number you will be able to repeat the sequence of "random" numbers. This can be useful when testing and repeating specific test cases. However you typically want different numbers each time the program is run which is why srand is often called with a the time being passed into it. If between invocations of srand the time difference is small then there is a chance that the seed will go to the same point in the list, hence giving you the same sequence of numbers.

As Dark Helmet said you only need to call it once in your program.

microsoft/linux · 05-03-2006, 05:03 PM

ok, this is what my code looks like

Code:

#include <iostream>
#include <cstdlib>
#include <ctime>
#include <math.h>
#include <unistd.h>

using namespace std;

int rand_num();
char rand_letter();

int main()
{
	
	//set the seed, using system time, keeps it random
	srand((unsigned int)time(NULL));
	
	int randNum;
	char randLetter;
	int i;//counter
	
	randNum = rand_num();
	randLetter = rand_letter();
	
	for(i=0;i<5;i++)
	{
		cout << randNum<<  randLetter;// << endl;
	}
	
	return 0;
}

int rand_num()
{
	
	int number;
	const int SIZE = 10;

	number = (int)(10*(SIZE*rand()/(RAND_MAX+1.0)));
	
	if(number < 0)
	{
		number = number *-1;
	}
	
	return number;

}

char rand_letter()
{
	const int RANGE=51;
	int rand_num;
	char letter;

	rand_num = (int)(rand()%RANGE);

	letter = 'A' + rand_num;
	
	return letter;
}

when I run it I get

Code:

4[4[4[4[4[

graemef · 05-03-2006, 05:17 PM

Move your function calls to inside the loop

Code:

for(i=0;i<5;i++)
{
   randNum = rand_num();
   randLetter = rand_letter();
   cout << randNum<<  randLetter;// << endl;
}

graemef · 05-03-2006, 05:39 PM

I'd also suggest that you change rand_num to:

Code:

int rand_num(int start, int end)
{
	int number;
	number = rand()%(end-start+1)+start;
	return number;
}

and you'd then call it as follows:

randNum = rand_num(0,9);

if you wanted numbers between 0 and 9 inclusive

microsoft/linux · 05-03-2006, 05:40 PM

duh! Of course, thank you.That works now. Thanks again. How "cryptographically secure" is this method? Is there a more secure way to do this? Basically the point is to write a password generator.

microsoft/linux · 05-03-2006, 05:42 PM

Quote:

Originally Posted by graemef

I'd also suggest that you change rand_num to:

Code:

int rand_num(int start, int end)
{
    int number;
    number = rand()%(end-start+1)+start;
    return number;
}

and you'd then call it as follows:

randNum = rand_num(0,9);

if you wanted numbers between 0 and 9 inclusive

What is it that gets me? Does my code not do that?

graemef · 05-03-2006, 06:15 PM

Sorry don't get me wrong your algorithm does work, it's just that it relies on integer overflow {10 * rand()} and implicit typecasting {int/(int+double)}. Whereas the method I used achieves the same end result, it requires less instructions and is the common way to do it, which means that it is easier for others to understand.

microsoft/linux · 05-03-2006, 06:18 PM

oh, ok. So you're way is more proper. That makes sense. How about the "cryptographic security" of what I'm trying to do? It's intended as a password generator, and thus, should be as secure as possible. Other suggestions?

microsoft/linux · 05-03-2006, 06:21 PM

also, using your way, is there any reason I need to pass parameters to the function? Could I just specify the limits in the function, as opposed to passing the parameter?

EDIT: Actually, I found a reason for it. I needed to use the function in more than one place, thanks.

graemef · 05-03-2006, 06:46 PM

The security question.

If the person knows when the password was generated (to the second) then it could be compromised. Using gettimeofday() would make that harder because it get the time in microseconds.

But an easy way to counter it would be to create a password file. You generate say 100 passwords and store them in a secure file, when you need a new password you randomly select one from the file replace it with a newly generated password and return the "old" password. That is (of course) is only as secure as your file!

Another approach would be to generate 10 or so passwords, reset the seed and select one from the list. Again if you use gettimeofday() to seed the random number generator that would make it harder to crack.

Of course if the person who has the password writes it on a stickly note and attaches it to their computer screen...

microsoft/linux · 05-03-2006, 07:26 PM

well, right, but there's nothing I can do about the person being stupid with their passwords. How does having a password file make something more secure? I'll use gettimeofday() instead, more precise is better. Thanks for all of your help.

Which include statement do I need for gettimeofday()?

graemef · 05-03-2006, 07:33 PM

Quote:

How does having a password file make something more secure?

Just that you don't use the password that you generate at that time but one that was generated much earlier, so even if the person was able to guess the time that the password was generated that wouldn't help. But as I said if the password file is compromised then you are in trouble.

As an aside the security is not just the password but also what you do when someone fails to provide the correct password. Do you lock them out (I'd hope so), if so after how many attempts? How can someone get back in?