[Cryptography] Removal of spaces in NIST Draft SP-800-63B
Jonathan Thornburg
jthorn4242 at gmail.com
Sat Apr 8 16:07:06 EDT 2017
On Sat, Apr 08, 2017 at 02:09:39PM +1000, Jason Richards wrote:
> Jonathan Thornburg:
> > dd if=/dev/arandom bs=50 count=1|alphanumeric.encode
>
> What is this "alphanumeric.encode" you speak of?
>
> I do something similar, piping to 'openssl base64', which unfortunately
> produces output without a whole lot of entropy, although it usually
> satisfies at least three and often all four of the standard password
> character sets.
>
> Is there something specific you use to convert to human-readable output?
alphanumeric.encode is a quick-n-dirty perl program I wrote to convert
random binary data into random characters from [a-zA-Z0-9] or [a-z0-9]:
[[I don't know if (short) code is appropriate for the cryptography mailing
list -- if our Esteemed Moderator wants to reject this that's fine, and
I'll mail the code privately to anyone who wants it.]]
#!/usr/bin/perl -w
use strict;
use Getopt::Long;
my $false = 0;
my $true = 1;
########################################
my $help_msg = <<'EOF';
Usage:
dd if=/dev/arandom bs=100 count=1 | alphanumeric.encode
or
dd if=/dev/arandom bs=100 count=1 | alphanumeric.encode --lower-case
By default, this program encodes standard input binary-data into mixed-case
alphanumeric characgers ([a-zA-Z0-9]).
If the --lower-case option is specified, then this program encodes into
lower-case alphanumeric characters ([a-z0-9]).
EOF
#
# At present we do the encoding "by hand".
# FIXME: It would probably be better to not reinvent the wheel here,
# and instead use an existing Perl module such as Math::Int2Base
# or Math::Base::Convert.
#
# Mixed-case:
# Since 2*26+10 = 62, and 62**3 = 14776336 = less than 256**3 = 16777216,
# we can encode 3 chars (24 bits) of binary input into 4 base62 output
# characters. If we get an "unencodable" input 3-tuple we just discard
# it and try again with the next input 3-tuple.
#
# Lower-case
# Since 26+10 = 36, and 36**3 = 46656 = less than 256**2 = 65536,
# we can encode 2 chars (16 bits) of binary input into 3 base36 output
# characters. If we get an "unencodable" input 2-tuple we just discard
# it and try again with the next input 2-tuple.
#
########################################
my $debug = 0;
my $help_flag = $false;
my $lower_case_flag = $false;
GetOptions(
'debug=i' => \$debug,
'help' => \$help_flag,
'lower-case' => \$lower_case_flag,
) || die $help_msg; # *** ERROR EXIT ***
if ($help_flag)
{ print $help_msg; exit; } # *** --help EXIT ***
########################################
my $N_in = $lower_case_flag ? 2 : 3;
my $in_base = 256;
my $in_limit = $in_base ** $N_in;
my $N_out = $lower_case_flag ? 3 : 4;
my @out_alphabet = $lower_case_flag ? (0..9, 'a'..'z')
: (0..9, 'a'..'z', 'A'..'Z');
my $out_base = scalar(@out_alphabet);
my $out_limit = $out_base ** $N_out;
if ($debug > 0)
{
print "in_base=${in_base} N_in=${N_in} ==> in_limit = ${in_limit}\n";
print "out_base=${out_base} N_out=${N_out} ==> out_limit = ${out_limit}\n";
}
binmode(STDIN);
my $count_on_line = 0;
my $buffer;
while (my $N_read = read(STDIN, $buffer, $N_in))
{
if ($N_read != $N_in)
{ last; } # *** LOOP EXIT ***
my @in_chars = split(//, $buffer);
my @in_digits = map {ord($_)} @in_chars;
# integer in [0, $in_limit)
my $N = $lower_case_flag
? $in_digits[0] + $in_base*$in_digits[1]
: $in_digits[0] + $in_base
*($in_digits[1] + $in_base*$in_digits[2]);
if ($debug >= 6)
{ print "in_digits=(",join(',', at in_digits),") ==> N=${N}\n"; }
if ($N >= $out_limit)
{
if ($debug >= 6)
{ print " N > out_limit ==> try again\n"; }
next; # *** LOOP CONTROL ***
}
my @out_digits = ();
for (my $i = 0 ; $i < $N_out ; ++$i)
{
my $d = $N % $out_base;
$N = int($N / $out_base);
push @out_digits, $d;
}
if ($debug >= 6)
{ print " out_digits=(",join(',', at out_digits),")\n"; }
my @out_chars = map {$out_alphabet[$_]} @out_digits;
$count_on_line += $N_out;
if ($debug >= 6)
{ print ' :',join('', at out_chars),":\n"; }
else { print join('', at out_chars); }
if ($count_on_line >= 60)
{
print "\n";
$count_on_line = 0;
}
}
More information about the cryptography
mailing list