[Cialug] Complete C source online
Morris Dovey
mrdovey at iedu.com
Wed Jul 24 14:58:55 CDT 2013
On 7/24/13 2:19 PM, Zachary Kotlarek wrote:
>
> On Jul 24, 2013, at 11:14 AM, Morris Dovey <mrdovey at iedu.com> wrote:
>
>> Hacker Alert!
>> I’ve just posted C source for code to provide what I think is fairly robust privacy for computer files at http://www.iedu.com/Documents/Privacy - As shown, the code provides 1024-bit privacy keys which can be increased to whatever level anyone might want.
>> For reference, the US government considers 256-bit keys adequate for sensitive information.
>
>
> I would not recommend the sort of key generation you propose in those documents. The best keys are evenly distributed across the entire key space; the ones you generate with the described method will have significantly less entropy than truly random keys, and will provide effective key lengths quite a bit smaller than the actual key length.
>
> Many (I'd even venture "most") modern motherboards and/or CPUs now have access to genuinely random data (quantum-driven thermal noise, for example) that can be used to create much better keys, and even without genuinely random data there are better techniques available for key generation.
Mostly true. I considered the gettimeofday() and similar options, and
tossed em out because of cross-platform inadequacies.
It’s always possible to put Humpty-Dumpty together again, but it does
make a practical difference whether he simply fell off the wall or was
reduced to molecule-sized pieces with a hammer.
I don’t have any interest in protecting state secrets - my intent is to
make it unreasonable to snoop billions social network exchanges,
e-mails, phone text messages, and SIM cards every day.
To that end, I’ll be happy to buy the next round of coffee (beer?) for
anyone in the LUG who improves significantly on my Q&D code, and offers
it up freely. :-)
More information about the Cialug
mailing list