Author Topic: Final version of random pad generator.  (Read 879 times)


  • Administrator
  • Member
  • ******
  • Posts: 7308
  • Mnemonic Driven API Grinder
    • The MASM32 SDK
Final version of random pad generator.
« on: June 23, 2019, 03:52:24 PM »
I have posted the final version here to avoid any further silly comments. To use the tool, run it from the command line with no arguments and it will display the required syntax. It is a simple 2 argument command line. Here are the release notes that are worth reading if you want to create large random pads.

The application "randpad.exe" is designed to perform 2 tasks,

    1. Produce an encryption standard random pad of a user specified size.
    2. To produce a random pad that is nearly impossible to duplicate.

The first has many different applications, the second is mainly used for excryption purposes.

The random pad is produced using an integer pseudo random algorithm that tests well in a single pass.
This algorithm must be seeded before it runs. The seeding algorithm used the low DWORD of the
RDTSC Read Time-Stamp Counter mnemonic and loops through a rotate / xor technique to ensure that a
full 64 bit integer is produced. It each iteration of the algorithm, the RDTSC result is BSWAP
reversed to get the fast changing end of the result.

While computers are fundamentally deterministic, no 2 computers run at exactly the same workload
or use the identical hardware so while the RDTSC technique is tied to the QWORD range of integers,
it would be near impossible to reproduce the same input data and as the method is repeatedly looped,
the complexity would effectively exclude reproducing the same seed.

When the pseudo random algorithm is run using a single seed, it is vulnerable to a QWORD range brute
force attack and to address the vulnerability, the pseudo random algorithm is reseeded at random
intervals to ensure that no single seed can reproduce the random pad.

This technique is harder to break but it can be attacked at a much higher workload to get partial
reproduction of the pad which can then be repeated until more of the pad can be reconstructed.

To address this potential problem, the random data is subjected to a second XOR pass using a
similar but not identical pass that reseeds at a different range of intervals. This protects the
generated pad from any single QWORD sized seed when trying to reproduce the random pad.

The application is a 64 bit PE executable and can routinely write any size pad up to the limitation
of available memory but it comes at the price that if you exceed available memory the operating
system will lock up and must be restarted with a hardware reset. In every instance the requested pad
size must be less than the computer's available memory.

To further complicate the problem, Windows use a "lazy write" system that takes time to write all of
the data to disk and while that lazy write is occurring, the available memory is less that is
normally available when no lazy write is taking place. If you attempt to generate another pad that
is up near the size of normally available memory, you will lock up the computer again and require a
hardware reset.

This is generally not a problem with smaller pads, very large pads are a specialised requirement
the some people have, in most instances, much smaller pads are commonly used.

NOTE : The latest version of John Walker's ENT random analysis tool is include but it is only
useful up to just under 2 gigabytes as it is a 32 bit application that is limited in the range
of memory it can address.

You can analyse the output on a 1 gigabyte pad by running the batch file "test1gig.bat".
hutch at movsd dot com    :biggrin:  :skrewy: