I need weak entropy. I know I can use an uninitialized buffer, but if I just need an integer, will its address suffice?

I am on Linux, which has address space layout randomization. Is it necessary to declare a buffer on the stack, leave it uninitialized and use it for entropy, or can I just take the address of something already on the stack, cast it to an integer and (knowing that it is somewhat random due to address space layout randomization) use this integer for entropy instead?

The pointer approach has the advantage that it does not generate any compiler warnings, whereas the uninitialized buffer does when I try to manipulate it, but in my tests it seemed that only the bottom of the address (maybe the last byte or two) changes from call to call. The entropy buffer seemed even worse, often containing nothing.

+3
5 answers

If you need weak entropy on Linux, why not read it from /dev/urandom? This is a non-blocking variant of /dev/random that is less ... random (but, again, non-blocking).

+6


, /dev/random - . , time() (time.h), .

, , , - . , , . - , /dev/random.

+3

/dev/random?


+2

What exactly do you mean by weak? The canonical source of entropy in C (for non-cryptographic purposes) is time from <time.h>.

Access to an uninitialized variable is undefined behavior and can have unpredictable consequences for some platforms. Do not do this.

+1

Why don't you read a few bytes from /dev/random or /dev/urandom?

+1
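What the answers above suggest, as an added example that is not part of the original thread: take the integer from /dev/urandom, and fall back to time() mixed with a stack address only when the device cannot be read. The names read_full and weak_seed and the path parameter are assumptions made for this example.

```c
#include <errno.h>
#include <fcntl.h>
#include <stddef.h>
#include <stdint.h>
#include <time.h>
#include <unistd.h>

/* Read exactly len bytes from path. Returns 0 on success, -1 if the file
 * cannot be opened or ends before len bytes were delivered. */
static int read_full(const char *path, void *buf, size_t len)
{
    int fd = open(path, O_RDONLY);
    if (fd < 0)
        return -1;

    unsigned char *p = buf;
    size_t got = 0;
    while (got < len) {
        ssize_t n = read(fd, p + got, len - got);
        if (n > 0)
            got += (size_t)n;      /* short read: keep going */
        else if (n < 0 && errno == EINTR)
            continue;              /* interrupted by a signal: retry */
        else
            break;                 /* EOF or hard error */
    }
    close(fd);
    return got == len ? 0 : -1;
}

/* Returns a 32-bit seed. *from_kernel is set to 1 when the value came from
 * the device at path (normally "/dev/urandom"), 0 when the fallback ran. */
uint32_t weak_seed(const char *path, int *from_kernel)
{
    uint32_t seed;
    if (read_full(path, &seed, sizeof seed) == 0) {
        *from_kernel = 1;
        return seed;
    }

    /* Fallback for non-cryptographic use only: the current time mixed with
     * the address of an initialized local. Taking the address is defined
     * behavior, unlike reading an uninitialized buffer. */
    int marker = 0;
    uintptr_t addr = (uintptr_t)&marker;
    *from_kernel = 0;
    return (uint32_t)time(NULL) ^ (uint32_t)(addr >> 4);
}
```

The from_kernel flag lets the caller log or reject the fallback path instead of silently seeding from a value that, as the question observes, varies in only a byte or two.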

Source: https://habr.com/ru/post/1724884/

