4

Suppose you have an infinite list of random bytes, and you select the first N bytes that correspond to printable ASCII characters. Is this list of N bytes still as secure (e.g. for the purpose of a crypto secret or salt) as accepting all of the bytes (printable ASCII or otherwise)?

I am basically asking whether this code has any cryptographic weakness:

https://github.com/opscode/cookbooks/blob/master/openssl/libraries/secure_password.rb#L26

(Assuming that the output of OpenSSL::Random.random_bytes(1) is indeed random.)

jonleighton
    The entropy of random printable ASCII bytes will be smaller than the entropy of random bytes, of course (you'll have only a bit less than 7 bits per byte instead of the full 8 bits). So you need more bytes overall to get the same security. – Paŭlo Ebermann Mar 22 '12 at 19:36

1 Answer

7

Already answered here: https://stackoverflow.com/questions/471157/is-a-subset-of-a-random-sequence-also-random, take a look at all the answers.

But, in other words:

If you have a list of random bytes, any selection you make in that list will be random as well, according to your selection criteria.

Examples:

  • if you choose every 3rd element, you'll end up with another random list;
  • if you pick up all the elements that are smaller than any value, you'll end up with a list with random elements smaller than your criteria;
  • if you choose to pick up the first 10 elements, you have 10 random values;
  • ... and so on.
woliveirajr
  • +1 If you reduce your selection to one byte, or a series of bytes, I imagine you wouldn't have any difficulty assuming that was random? – msanford Mar 22 '12 at 20:54
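
As an added example (not part of the original posts and not the cookbook's code), the Ruby sketch below filters random bytes down to printable ASCII and works out how many kept characters are needed to reach a target entropy. It assumes "printable ASCII" means 0x20..0x7E (95 characters); the function names are hypothetical.

```ruby
require 'openssl'

# Assumption: "printable ASCII" is 0x20..0x7E, i.e. 95 distinct characters.
PRINTABLE = (0x20..0x7E).freeze

# Drop every byte outside the printable range, keep the rest in order.
def keep_printable(bytes)
  bytes.each_byte.select { |b| PRINTABLE.cover?(b) }.pack('C*')
end

# Rejection sampling: keep drawing until `length` printable bytes are kept.
# `source` is any callable returning n random bytes (injectable for testing).
def printable_secret(length, source = ->(n) { OpenSSL::Random.random_bytes(n) })
  out = String.new
  out << keep_printable(source.call(length - out.length)) while out.length < length
  out
end

# Each printable character is produced by exactly one of the 256 byte values,
# so uniform input bytes yield uniformly distributed kept characters.
def uniform_after_filter?
  kept = keep_printable((0..255).to_a.pack('C*')).bytes
  kept.size == PRINTABLE.size && kept.uniq.size == PRINTABLE.size
end

# Entropy carried by each kept character: log2(95), a bit less than 7 bits.
def bits_per_char
  Math.log2(PRINTABLE.size)
end

# Number of kept characters needed for at least `bits` bits of entropy.
def chars_for_bits(bits)
  (bits / bits_per_char).ceil
end
```

A secret meant to match 16 random bytes (128 bits) therefore needs `chars_for_bits(128)` printable characters rather than 16.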