π² Generating cryptographically secure random values in C and C++ β what are your options?
-
Generating cryptographically secure random values in C and C++ β what are your options?After writing about how secure random links work, a few people asked about the underlying libraries. So here is a quick overview.
libsodium is the easiest and most recommended choice. One function call, cross-platform, and built specifically for cryptography:randombytes_buf(buffer, size);
That is really all there is to it. libsodium picks the best available entropy source on the OS automatically.
OpenSSL / LibreSSL is the classic option. RAND_bytes() does the job and is available almost everywhere. Worth using if you already have OpenSSL as a dependency β otherwise libsodium is cleaner.
οΈ If you want no external dependency at all, go directly to the OS:Linux: getrandom() β available since kernel 3.17
macOS / BSD: arc4random_buf() β even simpler, no error handling neededBoth are solid choices for system-level code.
οΈ What about std::random_device in C++? It looks convenient but the standard does not guarantee cryptographic security. On some platforms it falls back to a predictable seed. Fine for games or simulations β not for security-critical code.So for anything security-related: libsodium or the OS primitives directly. std::random_device is a trap if you care about real randomness.
What do you use in your projects for secure randomness? Still rolling your own or already on libsodium?
#CPlusPlus #C #Security #Cryptography #libsodium #Infosec #SystemsProgramming
-
R relay@relay.infosec.exchange shared this topic
