Page MenuHome GnuPG

Random numbers from gpgme
Testing, HighPublic

Description

Having an api in gpgme(++) where I can request n random quality integers between x and y for generating strong passwords and others would be nice.

Event Timeline

Why do you need an integer - for real random this must be larger than 64 bits and then you have problems to to find a suitable type for a variable.

What I would like to be able to do would be:

string createPassword(int length) {
     string alphabet = "abcdefg..ABCDEFG..123-_<>l...";
     integer_list randomnumbers = context.get_random_numbers(length, 0, strlen(alphabet));
     string password;
     for (int i : randomnumbers) {
         password.append(alphabet[i]);
     }
     return password;
};

without having to get correct the cornercases of chopping bits into whole numbers and scaling them down in a sane and secure way.

werner triaged this task as Normal priority.Sep 6 2023, 12:20 PM
werner added a project: gpgme.

It might actually be useful to have an random number API in gpgme. When we do that we can also add a way t search for random numbers with an upper limit in each octet.

werner raised the priority of this task from Normal to High.Oct 18 2024, 12:34 PM
werner added a project: vsd33.

(ignore the last commit, I assigned the wrong task to it)

New API gpgme_op_random_bytes is now in master (gpgme 2.0). Use tests/run-genrandom --help for testing. Extra features will come soon.

werner changed the task status from Open to Testing.Fri, Mar 14, 1:09 PM
werner moved this task from Backlog to QA for next release on the gpgme board.

BTW, do we really need a C++ API for this? Might make sense due to the need for a context.