
Can I use the address of argc in main as random source?

I want to create a program which only needs one random number, so I tried to use the address of argc in the main function as a random source, because I think the location of the program in memory is random, and it also saves some include statements. I tried:

#include <stdio.h>
int main(int argc,const char* argv[]){
    printf("%lu\n",(unsigned long int)&argv/sizeof(unsigned long int));
    return 0;
}

But I found that the output each time is not very "random": the values are multiples of 4:

17591828907268
17591841542404
17591845040388
17591834556676

What is the reason? And is using the address of argc as a random number possible?

Then I tried removing some bits of the address:

#include <stdio.h>
int main(int argc,const char* argv[]){
    printf("%lu\n",(unsigned long int)&argv >> 12);
    return 0;
}

It looks quite random this time; at least it has both odd and even numbers:

34359070631
34359034616
34359078055
34359080624

Is that the "correct" way to turn the address of argc into a random number?

ggrr asked Sep 25 '22 17:09


2 Answers

What is the reason?

Alignment requirements for your architecture, which I assume is x86 and int is 4 bytes, which means each int should be aligned to an address that is divisible by 4 (which is exactly the behavior you're seeing).

And is using the address of argc as a random number possible?

Possible? Yeah, sure. You just go ahead and do it.

Is it a good idea? No, definitely not. See below for why.

Is that the "correct" way to turn the address of argc into a random number?

I assume by "correct" you mean a good source of entropy, and the answer to that is no.

There is some degree of address space layout randomization in modern operating systems, but it's not meant to be a good source of entropy. It's just meant to make it harder for someone to use a bug in your program as a security exploit. And there really aren't any guarantees about ASLR (you can turn it off in some operating systems if you really wanted to).

In short, you should not use the address of a variable as your source for entropy. It's just not a good source of randomness.

Cornstalks answered Sep 28 '22 22:09


If you really need randomness, you should use one of:

  1. /dev/random
  2. /dev/urandom

    For info on these two, see How to use /dev/random or urandom in C?

  3. srand()

    Info on seeding srand() is here: Recommended way to initialize srand?

  4. An external library specifically designed for it.

    Some info here: A good random number generator for C

John Hascall answered Sep 29 '22 00:09
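
An added example, not part of the question or of either answer: it measures how many bit positions actually change across the four values in the question's first listing (the point of the first answer), then reads one number from /dev/urandom as the second answer recommends. The function names are made up for this example, the sample values are copied from the question, and four runs can only show which bits happened to vary, not prove the rest are always fixed.

```c
#include <stdint.h>
#include <stdio.h>

/* Values printed by the question's first program (address / 8), copied from the post. */
static const uint64_t page_samples[] = {
    17591828907268ULL, 17591841542404ULL,
    17591845040388ULL, 17591834556676ULL,
};
#define N_SAMPLES (sizeof page_samples / sizeof page_samples[0])

/* Bit positions where at least one sample differs from the first one. */
uint64_t varying_mask(const uint64_t *v, size_t n) {
    uint64_t mask = 0;
    for (size_t i = 1; i < n; i++)
        mask |= v[0] ^ v[i];
    return mask;
}

/* Number of set bits in x. */
int popcount64(uint64_t x) {
    int count = 0;
    for (; x != 0; x &= x - 1)
        count++;
    return count;
}

/* Fill *out from the kernel CSPRNG. Returns 0 on success, -1 on failure. */
int urandom_u64(uint64_t *out) {
    FILE *f = fopen("/dev/urandom", "rb");
    if (f == NULL)
        return -1;
    setvbuf(f, NULL, _IONBF, 0);   /* unbuffered: read only the 8 bytes we need */
    size_t got = fread(out, sizeof *out, 1, f);
    fclose(f);
    return got == 1 ? 0 : -1;
}

int main(void) {
    uint64_t mask = varying_mask(page_samples, N_SAMPLES), r;
    printf("varying bits: %d of 64 (mask 0x%016llx)\n",
           popcount64(mask), (unsigned long long)mask);
    if (urandom_u64(&r) != 0) {
        perror("/dev/urandom");
        return 1;
    }
    printf("random value: %llu\n", (unsigned long long)r);
    return 0;
}
```

On the question's samples only 14 of the 64 bit positions differ and the low ten bits are identical in every run, while the /dev/urandom read fills all 64 bits.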