creating random int by rand

Question

I want to write a cryptography application and need a function to create an iv. to create that iv i want to use rand() (even if thats not secure, i want to rewrite most parts of the code later anyway). That leads me to my problem: rand() does only return values from 0 to RAND_MAX (on my machine RAND_MAX is 32767), and i don't know if i could use code like this if RAND_MAX >= 65535:

void generate_iv(unsigned char* char_buf, int len){
    union { //treat char_buf like a short_buf
        unsigned char* char_buf;
        unsigned short* short_buf;
    }
    int i;
    for (i = 0; i < len / 2; i++){ //fill short_buf with random values
        short_buf[i] = (unsigned short) rand();
    }
    if (len & 0x01){ //could not fill char_buf with 2-byte short values completely
        char_buf[len - 1] = (unsigned char) rand();
    }
}

Of course this will compile easily on every machine, but it wont work on machines where RAND_MAX < 65535, because then the function does not fill every bit.

Code that would always work is:

void generate_iv(unsigned char* char_buf, int len){
    int i;
    for (i = 0; i < len; i++){
        char_buf = (unsigned char) rand();
    }
}

This code should work without problems, but it is not effective as the code above. My question is: Is there any optimum beetween effiency and portability in this case and is there maybe a more secury way (which could be easy to implement) to produce random numbers or a way to get random numbers with a constant size?

creating random int by rand

Answers (1)

Related Questions