I need to port some software to a platform which only has the standard ANSI C runtime and some POSIX functions. The software generates random numbers for password-encrypting ZIP files by reading from /dev/urandom. On Windows the software generates random numbers by using CryptGenRandom(). Since both functions are not available on my target platform, I have to find alternatives.
I came up with this to fill buffer with length random bytes:
bool zip_random(zip_uint8_t *buffer, zip_uint16_t length)
{
srand(time(NULL));
while(length--) *buffer++ = rand() % 256;
return true;
}
This does the job but since the function is used in a cryptography context, I don't know if it's a good idea to use the old srand and rand functions. That's why I'd like to ask the question whether my approach is acceptable or if there is a better solution to the problem.
Aucun commentaire:
Enregistrer un commentaire