Hi,
Im after some help with working out how to generate a secure password, using portable C.
The password will be N characters long, and can consist of a user specified set of symbols, eg, upper case, lower case, numbers, symbols etc.
Entropy will be collected from mouse movement over a set time period maybe put this through an SHA hash to use as a seed?
Where do i go from here security wise?
So i will have my symbol set, something like:
char sym_set[N] = 'abcd...";
Then I need to generate a 'secure' random number, based upon the entropy ive collected as a seed, then simply use that number to find a symbol from the above sym_set array. Is that the right approach?
Is the C rand() function good enough to do this properly with my entropy hashed as a seed? I remember hearing once that rand() isnt exactly great, and it might be possible to pre-compute a list of all random nums it can generate? Is this bull or is there some truth to it, i know rand isnt a cryptographically secure random number generator, but is it good enough for this task?
Thanks,
Jack
Im after some help with working out how to generate a secure password, using portable C.
The password will be N characters long, and can consist of a user specified set of symbols, eg, upper case, lower case, numbers, symbols etc.
Entropy will be collected from mouse movement over a set time period maybe put this through an SHA hash to use as a seed?
Where do i go from here security wise?
So i will have my symbol set, something like:
char sym_set[N] = 'abcd...";
Then I need to generate a 'secure' random number, based upon the entropy ive collected as a seed, then simply use that number to find a symbol from the above sym_set array. Is that the right approach?
Is the C rand() function good enough to do this properly with my entropy hashed as a seed? I remember hearing once that rand() isnt exactly great, and it might be possible to pre-compute a list of all random nums it can generate? Is this bull or is there some truth to it, i know rand isnt a cryptographically secure random number generator, but is it good enough for this task?
Thanks,
Jack
