![]() ![]() I also figure that people/companies like Google, Amazon, and almost literally anyone running Apache, nginx or any webserver that connects to the modern internet, and the rest of the world literally send thousands, millions, billions of pages and messages encrypted over the Internet. Maybe I'm wrong, but that is what I remember. I didn't go in and do mathematical voo-doo magic to predict the randomness, it just seemed super predictable, as it seemed to repeat, even after opening up multiple windows and closing and opening it again. Now, I have booted up LOVE2D a couple of times, I think it was with a thing that I coded as a test project for changing the background color to random colors (it would do a smooth transition-it was very nice to look at, and hypnotizing), but the color changes just seemed to repeat and be super super predictable by-the-eye. I just figured it would be safe to go with a CSPRNG, because it sounds more random than a regular RNG. MD5 is the simplest and fastest it supports, and the weaknesses of MD5 don't really apply to this kind of usage, so that would be a good choice.īut depending on the kind of purpose you want, that may be, as we say in Spain, "killing fleas with cannon shots". If it's used, say, to send a record to the high score table in a server, you can be fairly confident that no one is going to hire a cluster of cloud servers to break it so that they can send a fake score.Īs far as I know, LÖVE has no built-in encryption features, so the next best is either looking for an encryption algorithm in Lua or LuaJIT, or using one of the built-in hash functions in CTR mode as if it were an encryption algorithm. This does not necessarily depend on the state of the art with respect machine power and parallel processing, but also on weighing benefit vs. The key size should be chosen so that you can be confident enough that no one will attempt to brute-force it. A stream cipher is a CSPRNG with a secret seed and unpredictable output, which is XORed with the plaintext to obtain the ciphertext. That's what stream ciphers consist of, for example RC4 or any cipher algorithm in CTR mode. For normal usage, you can do with as much entropy as the desired key size, and then generate pseudorandom numbers based on that. However, by having as much input entropy as output bits, you ensure that each key must be independently brute-forced, and the key size DOES reflect the actual difficulty in cracking each key.īut that usage is very specific. If you're generating keys, and have, say, 64 bits of entropy, and use them to generate a series of 64 bit keys, then if an adversary manages to do an exhaustive search through all 64 bits, they have ALL keys at the same time (by applying the same algorithm as you used to derive the keys from the entropy). The main usage for which you need as much entropy as output bits, is key generation. But let me put the record straight on this. Ībout entropy: If you want it to be cryptographically secure, then yes, you need a source of entropy. LuaJIT departs from PUC Lua and implements its own generator, both for better quality and for cross-platform compatibility, but I don't think it's cryptographically secure either. I haven't tested it for repeated re-seeding, though, which is a weakness in many generators (so bad that Knuth changed his LFG based on my feedback in that respect, see. ![]() Love's PRNG is obviously not a source of cryptographically secure random numbers, but it's quite decent for game usage. I'm tempted to just run a command in Linux to fetch a random value, but that poses two potential problems: 1.) if the user has not installed OpenSSL, it will not work and 2.) if the user is running Windows.I don't know, but it would be a bad idea in my opinion. I have only found one Lua OpenSSL binding on the Internet, and wanted to know what your thoughts on it are. Now, I'm not a super-expert in math, so I don't understand how pseudo-randomness works, but I know that OpenSSL does a good job at making the randomness very unpredictable (even if you try predicting it with math, it is difficult). ![]() Since true randomness is hard to come by, you have to fake it. I've done a little bit of research a while ago about randomness, and I came across what is known as a CSPRNG (Cryptographically Secure Pseudo-Random Number Generator). Now, I know Lua has math.random and LOVE2D has, but I haven't really been impressed by either pseudo random number generator/algorithm. In my game, it would be super useful if I could get a really good randomness library. ![]()
0 Comments
Leave a Reply. |