Re: Random String



Tor Rustad said:

Richard Heathfield wrote:

Andrea said:
Could anyone suggest to me how to create a function that generates a
random string?

Here's one way you could do it:

That was rather a good example of why some application programmers
should *NOT* implement security software.

I disagree. If I had been *trying* to implement security software, fine,
fair comment - but I wasn't. The OP asked how to generate a random
string. Others had *already pointed out* that the best he or she could
hope for in vanilla C was a *pseudo-random* string. I saw an
implementation elsethread that I considered a little clumsy, so I
figured I'd post something a bit better. I did not and do not claim
that it is cryptographically secure. If you want cryptographically
secure, don't use a PRNG to create passwords!

For the record, I think RH
already knows that we both can write a program which brute-forces the
seed in "no" time.

For sufficiently large values of 0, sure.

I re-wrote your RandomString() function to this function (no malloc
and no '\"' and '\\' symbols):

$ cat rh_random.c
#include <stdio.h>
#include <stdlib.h>
#include <time.h>
#include <assert.h>
#include <string.h>

/* RH_Random: much FASTER version which DON'T malloc */
void RH_Random(unsigned char *str, size_t len)

Doesn't meet the interface spec.

{
    /* do not include \" and \\ */
    const char sym[] = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ"
                       "%^&*()_-abcdefghijklmnopqrstuvwxyz"
                       "+=[]{}|,<.>/?";
    size_t maxsym = sizeof sym / sizeof sym[0] - 1;
    size_t i = 0;

    assert(str);

Undefined behaviour in C90.

    assert(len > 3);

    while (i < len)
    {
        int r = (int) (maxsym * (rand() / (RAND_MAX + 1.0)));

Why the pointless cast?

<snip>

--
Richard Heathfield
"Usenet is a strange place" - dmr 29/7/1999
http://www.cpax.org.uk
email: rjh at the above domain, - www.
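
Added example, not part of the thread or either poster's code: for the case the thread contrasts with rand(), where the string must be unpredictable (a password), this sketch fills a caller-supplied buffer from the OS CSPRNG, using the symbol set quoted above and rejection sampling so each symbol is equally likely. The function name secure_random_string and the use of /dev/urandom are assumptions of this example.

```c
#include <stdio.h>
#include <string.h>

/* Symbol set copied from the RH_Random() quoted above
 * (no double quote, no backslash). */
static const char SYM[] = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ"
                          "%^&*()_-abcdefghijklmnopqrstuvwxyz"
                          "+=[]{}|,<.>/?";

/* secure_random_string() is a hypothetical name, not from the thread.
 * Writes len-1 symbols plus a terminator into str using bytes from the
 * OS CSPRNG (assumed readable at /dev/urandom). Returns 0 or -1. */
int secure_random_string(char *str, size_t len)
{
    const size_t nsym = sizeof SYM - 1;
    /* Bytes >= limit are rejected so byte % nsym has no modulo bias. */
    const size_t limit = 256 - (256 % nsym);
    unsigned char buf[64];
    size_t i = 0, k, got;
    FILE *fp;

    if (str == NULL || len == 0)
        return -1;
    if ((fp = fopen("/dev/urandom", "rb")) == NULL)
        return -1;
    while (i < len - 1) {
        got = fread(buf, 1, sizeof buf, fp);
        if (got == 0) {              /* never hand back a partial string */
            fclose(fp);
            memset(str, 0, len);
            return -1;
        }
        for (k = 0; k < got && i < len - 1; k++)
            if (buf[k] < limit)
                str[i++] = SYM[buf[k] % nsym];
    }
    fclose(fp);
    str[i] = '\0';
    return 0;
}

int main(void)
{
    char pw[21];
    if (secure_random_string(pw, sizeof pw) != 0)
        return 1;
    puts(pw);
    return 0;
}
```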