-
Encryption Key Generator
I wrote the following program to generate a random key file for use in an encryption program:
Code:
#include <stdio.h>
#include <stdlib.h>
int main(int argc, char *argv[])
{
printf("Key noise collector");
if (argc < 2) {
printf("\nGenerates n bytes of noise, where n = # keystrokes you give it");
printf("\nUSAGE: keynoise [OUTPUT]");
return 0;
};
printf("\nAccessing output...");
FILE * output = fopen(argv[1],"wb");
if (NULL == output) {
printf("\nFile could not be opened for writing");
return 0;
};
printf("\nPOUND THEM KEYS\nPress ESC when done");
unsigned int sum;
unsigned int size = 0;
char k = getch();
while(k != 27) {
sum += k;
if (kbhit()) {
k = getch();
size++;
fputc((unsigned char) (sum % 256), output);
};
};
fclose(output);
printf("\n%u bytes generated",size);
return 0;
}
My question is, can anyone see a problem with the key generation system, or is it sufficiently random to guarantee a strong key?
-
Well it's not really all that random - as far as I can tell you're simply performing complex operations on user input and outputting it as the key. The complex operations-thing is a good idea - but you may want to start with the srand() and rand() functions. There are tutorials that teach you how to use those functions to generate results that are as random as possible.
-
The idea is that there are two sources of randomness here:
1. The stuff the user types.
2. How many cycles elapse between keystrokes.
Look at the while(k != 27) loop. It adds the value of the last key pressed to the sum over and over until another key is pressed, at which point we output (sum % 256) to the file as a character. The actual key pressed and the number of cycles between keypresses are both uncertain, which should create randomness.
-
Oh okay - your number 2 sounds pretty good - but I wouldn't rely too much on that number 1 :)
