Hasard profile list

The Hasard library uses profiles to choose the best number generator and seed engines depending on your needs and the available engines. Each operating system provides different engines, such as devices like /dev/urandom on UNIX and BSD, and CryptGen on Windows. Hasard also tries to load dynamic libraries such as OpenSSL or gcrypt to get strong, well-tested cryptographic generators.

This document lists the available profiles, with the usage and the engines used by each profile. Some profiles have multiple engines: Hasard tries each engine one by one until one can be used (i.e. its initialization succeeds).

HASARD_FAST

Usage

HASARD_FAST uses the fastest number generator and a fast non-blocking seed engine. You can use this profile for games or simulations.

Don’t use it for security applications!

Engines

  • rng: mersenne_twister
  • seed: cryptgen, dev_nonblocking, openssl_secure, gcrypt_strong or dev_blocking

HASARD_SECURE_NONBLOCKING

Usage

HASARD_SECURE_NONBLOCKING is a secure non-blocking random number generator. It can be used to generate:

  • password
  • initialization vector (IV)
  • session identifier
  • nonce

But don’t use it for certificates.

Engines

  • rng: openssl_secure, gcrypt_strong, cryptgen, dev_nonblocking
  • seed: (same engines as rng)

hasard_new(HASARD_SECURE_NONBLOCKING) uses the engine “zero” for the seed because none of the RNG engines use the seed. It is not necessary to load an engine twice.
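
An added example, not Hasard's own code: a C model of the ordered engine fallback described in the introduction, applied to the rng list of this profile. The engine_t struct, the init callbacks and select_engine are hypothetical names, and the first three engines are simulated as unavailable.

```c
#include <stdio.h>
#include <stddef.h>

/* Hypothetical model of ordered engine fallback; not Hasard's source code. */
typedef struct {
    const char *name;   /* engine name as listed for the profile */
    int (*init)(void);  /* assumed convention: 0 = usable, -1 = unavailable */
} engine_t;

/* Constructed stand-ins for engines whose library or API is absent/present. */
int init_missing(void) { return -1; }
int init_present(void) { return 0; }

/* Real probe for dev_nonblocking: usable if /dev/urandom yields one byte. */
static int init_dev_nonblocking(void) {
    unsigned char b;
    FILE *f = fopen("/dev/urandom", "rb");
    if (f == NULL) return -1;
    size_t n = fread(&b, 1, 1, f);
    fclose(f);
    return n == 1 ? 0 : -1;
}

/* Try each engine in list order; return the first that initializes.
 * NULL means no listed engine works: the caller must treat that as an
 * error rather than substitute an engine from a weaker profile. */
const engine_t *select_engine(const engine_t *list, size_t count) {
    for (size_t i = 0; i < count; i++)
        if (list[i].init() == 0)
            return &list[i];
    return NULL;
}

int main(void) {
    /* rng list of HASARD_SECURE_NONBLOCKING, in the order given above;
     * the first three are simulated as unavailable on this host. */
    const engine_t secure_nonblocking[] = {
        {"openssl_secure", init_missing},
        {"gcrypt_strong", init_missing},
        {"cryptgen", init_missing},
        {"dev_nonblocking", init_dev_nonblocking},
    };
    const engine_t *e = select_engine(secure_nonblocking, 4);
    if (e == NULL) {
        fprintf(stderr, "no secure engine available, refusing to continue\n");
        return 1;
    }
    printf("selected rng engine: %s\n", e->name);
    return 0;
}
```

Because the list holds only the engines of the secure profile, an empty result stops the program instead of silently dropping to a generator such as mersenne_twister from HASARD_FAST.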

HASARD_SECURE_BLOCKING

Usage

HASARD_SECURE_BLOCKING is a secure blocking random number generator. It can also be non-blocking, depending on the available engines. It can be used to generate certificates (e.g. an RSA secret key). It may block until it gets enough entropy (e.g. keyboard strokes, mouse movements, hardware interrupts, etc.).

Engines

  • rng: gcrypt_very_strong, openssl_secure, dev_blocking
  • seed: (same engines as rng)

hasard_new(HASARD_SECURE_BLOCKING) uses the engine “zero” for the seed because none of the RNG engines use the seed. It is not necessary to load an engine twice.

openssl_secure is non-blocking; the other engines are blocking.

HASARD_HARDWARE

Usage

HASARD_HARDWARE is a true hardware random number generator, backed by a blocking device. It is the most secure generator, but also the slowest. You might use it to generate passwords or certificates, but it is better to use it to seed another, faster cryptographic generator.

Engines

  • rng: dev_hardware
  • seed: (same engines as rng)

hasard_new(HASARD_HARDWARE) uses the engine “zero” for the seed because none of the RNG engines use the seed. It is not necessary to load an engine twice.

HASARD_TEST

Usage

HASARD_TEST is reserved for Hasard internal tests! It only generates zeros.

Engines

  • rng: zero
  • seed: zero