0

I'm looking to encrypt license keys on an audio software plugin. The biggest risk to the integrity of the license keys is small-time crackers decompiling the code and looking for the encryption key. My solution is to store an arbitrary number in the code and feed it to an algorithm that will obfuscate the encryption key while still allowing me to vary the key between projects (I'm a freelancer).

My question is: will seeding the C++ random number generator create the same pseudo-random encryption key every time, or will it differ between runs, libraries, etcetera? It's fine if it differs between operating systems, I just need it to not differ between SDKs and hosting software on the same computer.

  • 1
    To be really cryptographically safe, you'll need a hardware device which measures cosmic radiation, or some other source of true randomness. In principle even the better algos like Mersenne Twister or such can be cracked with enough computing power. I'd recommend using a (non-standard) library specialized for encryption; there are a number available, which support bigger numbers to calculate the hashes. You can have up to 128 (or even more? idk) bits, which will be fairly hard to crack. – πάντα ῥεῖ Dec 28 '20 at 22:15
  • 3
    Reopened. **Read the question.** It's not about the quality of the generator. It's about reproducibility. – Pete Becker Dec 28 '20 at 22:19
  • 1
    _rand() Considered Harmful_ - Stephan T. Lavavej - https://channel9.msdn.com/Events/GoingNative/2013/rand-Considered-Harmful – Richard Critten Dec 28 '20 at 22:20
  • @πάνταῥεῖ: MT is not suitable for cryptographic purposes at all, but there are others (e.g., [Blum-Blum-Shub](https://homes.luddy.indiana.edu/kapadia/project2/node11.html)) that are. Most block encryption algorithms can be run in counter mode to act as cryptographically secure generators as well. – Jerry Coffin Dec 28 '20 at 22:22
  • @PeteBecker Which boils down to the same in practice. But as you like :-P. I'll provide the links I used to close here: https://stackoverflow.com/questions/44867500/is-stdrandom-device-cryptographic-secure https://stackoverflow.com/questions/58067210/is-it-acceptable-to-use-rand-for-cryptographically-insecure-random-numbers – πάντα ῥεῖ Dec 28 '20 at 22:22

1 Answer

5

`srand` and `rand` will produce the same sequence of numbers when you use the same implementation. Change compilers, even to a newer version of the same compiler, and there are no guarantees.

But the new random number generators, introduced in C++11 and defined in `<random>`, are required to generate the same sequence of numbers on all implementations.

Pete Becker
  • 1
    However, the various *numerical distributions* (including `std::uniform_int_distribution` etc.) are not guaranteed to give the same results in different implementations. _(Worth bearing in mind)_ – Galik Dec 28 '20 at 23:21
  • 1
    Also neither `(s)rand` nor `<random>` are suitable for cryptographic purposes. `<random>` is great for Monte-Carlo simulations and similar things. – doug Dec 28 '20 at 23:41
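
An added example (not part of the original answer or comments) of the reproducibility point: it checks the value the C++ standard fixes for the 10000th output of a default-constructed `std::mt19937`, and derives bytes from a seed using raw engine output only, since the distributions may differ between implementations. The function names and the 16-byte length are assumptions chosen for illustration.

```cpp
#include <array>
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <random>

// The C++ standard requires that the 10000th consecutive invocation of a
// default-constructed std::mt19937 produces 4123659995 on every conforming
// implementation. A build can use this as a self-check.
std::uint32_t mt19937_10000th() {
    std::mt19937 gen;      // default seed is 5489u
    gen.discard(9999);     // skip the first 9999 outputs
    return static_cast<std::uint32_t>(gen());
}

// Hypothetical helper: expand a seed into 16 bytes using only the raw engine
// output. No std::uniform_int_distribution is involved, because distribution
// results are implementation-defined and may differ between standard libraries.
// Bytes are written in a fixed (little-endian) order so the result does not
// depend on host endianness.
// Reproducible is not the same as secret or cryptographically strong: as the
// comments above note, this engine is not suitable for cryptographic purposes.
std::array<std::uint8_t, 16> bytes_from_seed(std::uint32_t seed) {
    std::mt19937 gen(seed);
    std::array<std::uint8_t, 16> out{};
    for (std::size_t i = 0; i < out.size(); i += 4) {
        const std::uint32_t w = static_cast<std::uint32_t>(gen());
        out[i + 0] = static_cast<std::uint8_t>(w & 0xFF);
        out[i + 1] = static_cast<std::uint8_t>((w >> 8) & 0xFF);
        out[i + 2] = static_cast<std::uint8_t>((w >> 16) & 0xFF);
        out[i + 3] = static_cast<std::uint8_t>((w >> 24) & 0xFF);
    }
    return out;
}

int main() {
    std::printf("10000th output: %lu\n",
                static_cast<unsigned long>(mt19937_10000th()));
    // 12345 is a constructed sample seed.
    for (std::uint8_t b : bytes_from_seed(12345u)) {
        std::printf("%02x", static_cast<unsigned>(b));
    }
    std::printf("\n");
    return 0;
}
```
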