Pseudorandom Numbers

The CDK provides methods for generating pseudorandom numbers and for deriving symmetric keys from passwords.

While class PRNG can be used directly for greatest efficiency, the global functions cdk::getrand1() and cdk::getrand2() simplify access to the CDK's pseudorandom number generation routines.

The function cdk::getrand2() calls cdk::PRNG::gens() to obtain FIPS 140-1 compliant pseudorandom numbers and should be used for all cryptographic purposes. The implementation of cdk::getrand2() is given as follows:

cdk::str getrand2(int n)
{
  // A temporary PRNG is constructed on every call.
  PRNG prng;
  return prng.gens(n);
}

The faster cdk::getrand1() function provides non-FIPS 140-1 pseudorandom numbers suitable for non-cryptographic uses.

For convenience, the samples provided in the "Cookbook" section of this documentation regularly make use of cdk::getrand2(). However, this approach may not provide the best performance for your application. cdk::getrand2() is slow because it gathers complete system state information with each invocation (i.e., with each instantiation of the temporary PRNG object). A more efficient approach is to instantiate a single cdk::PRNG object and to call its cdk::PRNG::gens() method whenever pseudorandom numbers are required. For more details on this issue, see the documentation on class cdk::PRNG.

The next topic is Implementing a Simple TLS Client.

ISC Cryptographic Development Kit - User's Guide
Copyright© 2002-2006 Information Security Corp. All rights reserved.