2

In C++ we can generate true random numbers (if your hardware supports) with random_device. And i am writing a implementation of One-time Pad algorithm with C. Is there a way to generate true random numbers in C? I writing with C for speed and some another reasons. If i use a PRNG, it is will be unsafe. 

char *KeyGenerate(unsigned long long StringLength)
{
    std::random_device TrueRandomNumberGenerator;
    char *Key = (char *) malloc(StringLength + 1);

    for(unsigned long long I = 0; I < StringLength; I++)
    {
        Key[I] = TrueRandomNumberGenerator();
    }
    Key[StringLength] = '\0';

    return Key;
}
Ibrahim Ipek
  • 479
  • 4
  • 13

3 Answers3

3

The C standard library is very very tiny. To get true random numbers, you will need to use OS-specific APIs.

In Linux systems, you can get a stream of cryptographically-strong random bytes from the /dev/urandom file.

hugomg
  • 68,213
  • 24
  • 160
  • 246
  • Is there a more portable way to do this? – Ibrahim Ipek Aug 12 '16 at 19:50
  • 2
    /dev/urandom also works on BSDs and MacOS. If you also need your code to work on windows then I imagine you will have many other issues other than the random numbers. Are you using any sort of library for portability? – hugomg Aug 12 '16 at 19:53
  • Actually it is only a console application. I use only standard C library. Windows is not a matter. – Ibrahim Ipek Aug 12 '16 at 19:56
1

As noted on Linux you have to read /dev/urandom. On WIndows alternative would be to use CryptGenRandom

This is what is done in Python, I believe - API calls /dev/urandom based code on Linux, but CryptGenRandom on Windows.

Don't know enough about OS X

Severin Pappadeux
  • 18,636
  • 3
  • 38
  • 64
0

C uses a PRNG (pseudorandom number generator) so you can't really get true random numbers.

Since your code is generating a bunch of random numbers, you could simply:

srand(time(NULL));
int r = rand();

where srand(time(NULL));

will go above the for loop. This way you seed once, then generate your random numbers

FreeStyle4
  • 272
  • 6
  • 17
  • 1
    The rand() function generates predicatable random numbers. OP specifically said that they want cryptographically-safe random numbers. – hugomg Aug 12 '16 at 20:01
  • 1
    I'm very unhappy with this answer. It was asked to obtain *true random numbers* (for a reason) and this just fails it completely (which is dangerous in this context). (I also can't understand the upvotes) – sascha Aug 12 '16 at 20:01
  • @sascha OP asked if you could generate true random numbers in C and I said no you can't. Nothing in his post, mentioned cryptographically -safe random numbers. – FreeStyle4 Aug 12 '16 at 20:10
  • The srand example was more to show that you can "increase" randomness – FreeStyle4 Aug 12 '16 at 20:11
  • (1) Apparently it is possible (using some system-api like in hugomg's answer or even adding your own soundcard-driver to obtain entropy combined with some randomness-extractor) (2) Saying "you can't" (even if it's true) and then recommending something which is just completely different (and without discussing the danger) is kind of funny. (3) The first sentence in your post is also true for C++ (where the OP already got a solution; or most other programming-languages) but it doesn't matter here. (4) The srand increases randomness, but not really unpredictability, which is important here. – sascha Aug 12 '16 at 20:16
  • (5) One-Time-Pad surely links to Crypto (where true or unpredictable random-numbers are ubiquitous) :-) – sascha Aug 12 '16 at 20:18