Introducing pcsprng

What is pcsprng?
It stands for Personal Cryptographically Secure Pseudo-Random Number Generator.
pcsprng takes a private and a public byte-string and constructs a csprng from it.
The pcsprng cli supports outputting raw bytes and choosing values from a user provided list.


For what purpose?
You can generate passwords and keyfiles all from a single master password. In that case the private string is your master password and the public string is whatever you are creating a password/keyfile for.

Password generation example: pcsprng --public reddit.com choose --file path/to/wordlist --security 128
Keyfile generation example: pcsprng --public /home bytes --count 4096 >keyfile.bin


Security
pcsprng is written in rust and uses state of the art cryptography.
ChaCha20 was chosen for the csprng.
Sha3-256 was chosen to generate a seed for the csprng from the private and public strings.


How do I build it?
Install rust v1.17.0 and cargo. (rust-lang.org/en-US/install.html)
Clone or download the repo and run cargo build --release. The binary will be target/release/pcsprng.
You should also consider installing pinentry. (gnupg.org/software/pinentry/index.html)


Current status
The way the csprng works is stable. The crypto primitives are tested against testvectors.
The cli is in development. Its interface might change.


github.com/InaneBob/pcsprng


"install rust/go" is the new "install java"

seriously nigger, your repo is two hours old and you already shill it here?
fuck off

thx for the feedback guys. i will add you to the CONTRIBUTORS.txt.

I'm stupid what is this software for exactly

It's tail-wagging-the-dog-ware. `cat /dev/urandom` gets you the output of a ChaCha20 PRNG too, only it's properly seeded.

fucking lol. reseeding a csprng is not a smart thing to do. especially not when you are getting your seeds from an intel backdoored cpu.
blog.cr.yp.to/20140205-entropy.html

btw the point of pcsprng is that if you lose/forget your password/keyfile you can just generate it again. if you create a keyfile from urandom for your encrypted hdd and you lose it, all your terabytes of animoo porn are gone.

also
just

i wrote a program in rust to generate trips.

same

savage :^)

epic non-trips right here

what does this do? Given a master password, it will give the same output for "reddit.com" no matter what computer I generate it from? Great so now I have a master password I can go use on 20 different public computers and this is perfectly fine because it's 2015, and my security model is still literally: le hashes and shit checkmate hackers.

yes. what are you trying to say with "le hashes"?

Could you post pseudocode of your algo for generating these passwords? Just because you use secure primitives doesn't mean the end result is secure.

not being disciplined enough to know how to correctly code in C
using centralized shit instead of gitlab

Top kek matey

pcsprng uses chacha20 as its csprng. the key for chacha20 is computed as follows:
constant VERSION = 1;
key = sha3-256(LEB128(VERSION) || private || LEB128(len(private)) || public || LEB128(len(public)));
|| is byte string concatenation.
since there is no use for a nonce pcsprng uses it to extend the position bits to 128 bit.
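A worked reconstruction of the derivation described in that post, added here as an example in Python rather than the pcsprng project's own code. It assumes unsigned LEB128, that ChaCha20 state word 12 is the least-significant word of the 128-bit position, and that the raw-bytes output is just the keystream; the ChaCha20 core is checked against the RFC 7539 block-function test vector.

```python
import hashlib
import struct

VERSION = 1  # the constant from the post

def leb128(n):
    """Unsigned LEB128 (assumed variant): 7 bits per byte, high bit = continuation."""
    out = bytearray()
    while True:
        byte = n & 0x7f
        n >>= 7
        if n:
            out.append(byte | 0x80)
        else:
            out.append(byte)
            return bytes(out)

def derive_key(private, public):
    """key = SHA3-256(LEB128(VERSION) || private || LEB128(len(private)) || public || LEB128(len(public)))"""
    data = leb128(VERSION) + private + leb128(len(private)) + public + leb128(len(public))
    return hashlib.sha3_256(data).digest()

def _qr(s, a, b, c, d):
    """ChaCha quarter round on state words a, b, c, d (32-bit arithmetic)."""
    m = 0xffffffff
    s[a] = (s[a] + s[b]) & m; s[d] ^= s[a]; s[d] = ((s[d] << 16) | (s[d] >> 16)) & m
    s[c] = (s[c] + s[d]) & m; s[b] ^= s[c]; s[b] = ((s[b] << 12) | (s[b] >> 20)) & m
    s[a] = (s[a] + s[b]) & m; s[d] ^= s[a]; s[d] = ((s[d] << 8) | (s[d] >> 24)) & m
    s[c] = (s[c] + s[d]) & m; s[b] ^= s[c]; s[b] = ((s[b] << 7) | (s[b] >> 25)) & m

def chacha20_block(key, position):
    """One 64-byte ChaCha20 block. No nonce: words 12..15 all hold the 128-bit
    block position, little-endian word order (assumption about the layout)."""
    state = [0x61707865, 0x3320646e, 0x79622d32, 0x6b206574]
    state += struct.unpack('<8L', key)
    state += [(position >> (32 * i)) & 0xffffffff for i in range(4)]
    w = list(state)
    for _ in range(10):  # 20 rounds = 10 double rounds
        _qr(w, 0, 4, 8, 12); _qr(w, 1, 5, 9, 13); _qr(w, 2, 6, 10, 14); _qr(w, 3, 7, 11, 15)
        _qr(w, 0, 5, 10, 15); _qr(w, 1, 6, 11, 12); _qr(w, 2, 7, 8, 13); _qr(w, 3, 4, 9, 14)
    return struct.pack('<16L', *[(x + y) & 0xffffffff for x, y in zip(w, state)])

def pcsprng_bytes(private, public, count):
    """Equivalent of `pcsprng --public <public> bytes --count <count>` (assumed behaviour)."""
    key = derive_key(private, public)
    out, block = b'', 0
    while len(out) < count:
        out += chacha20_block(key, block)
        block += 1
    return out[:count]
```

Because the key depends only on (private, public), the same master password and public string reproduce the same keyfile on any machine, which is the recoverability property the post argues for; it also means anyone who learns the master password regenerates every derived secret.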


gitlab is also centralized faggot

If I wanted a password-based key, I'd use a password-based key derivation function, not some Jenga-tower software stack and random github code.

pbkdfs are meant to strengthen a weak password by doing some expensive irreversible operation on it. just use a strong password and you don't need a pbkdf.
with pcsprng you only need one password and generate all your passwords/keyfiles (and maybe private keys) from it.

Like I said, it's 2015, so my password of nigger123 that I reuse on my bank and 10 forums is perfectly fine, because they use hashing algorithms with salt and 9000 iterations, and it's illegal to run a website without such hashing algorithms, plus everything's gone 2FA now, so even if they magically figured out a way to crack or intercept my password, they still couldn't log onto my shit.

But now that I have this tool, I can be even more secure! I can have unique strong passwords for all my sites and log into them from any machine without having to remember them! You may think using a master password on untrusted computers is a bad idea, but don't worry, they aren't saved to disk so it's super secure!

wtf are you even trying to say? of course doing shit on untrusted computers is bad.

ebin. i am a #cmissile now

I can do the same with password-store and be reasonably confident that the crypto code behind it is written by someone competent.