randtok: Random Token String Generation in Scheme
License: LGPL 3 Web: http://www.neilvandyke.org/randtok-scheme/
| (require (planet neil/randtok:1:0)) |
1 Introduction
The randtok library is intended for generating random strings such as for secure authentication tokens for Web site session cookies.
randtok makes fairly efficient use of bits in a scarce random byte source like /dev/random. For example, an 8-character token consisting of only the lower-case Latin letters consumes only 5 random bytes, rather than 8. In a security sensitive application, efficient use of the source might be important when using effectively random data rather than a possibly predictable pseudorandom number generator (PRNG).
Note that this code has not been tested heavily.
| |||||||||||||||||||||
| port : any/c | |||||||||||||||||||||
| str : any/c | |||||||||||||||||||||
| len : any/c |
Returns a procedure that generats random token strings of length len, using characters from string str, with random numbers drawn from input port port.
| (define random-in (open-input-file "/dev/random")) |
| (define f (make-random-token-string-maker |
| random-in "0123456789abcdef" 10)) |
| f ==> <procedure:<random-token-string-maker>> |
| (f) ==> "7dd73b9ec0" |
| (f) ==> "1f7bc42210" |
| (close-input-port random-in) |
This is useful for using a single open file of /dev/random to generate multiple random token strings throughout the execution of a program. For example:
| (call-with-input-file "/dev/random" |
| (lambda (random-in) |
| (file-stream-buffer-mode random-in 'none) |
| (let ((randtok (make-random-token-string-maker |
| random-in "ABCD" 10))) |
| ... |
| (printf "Here is a random token: ~S\n" (randtok)) |
| ... |
| (printf "Here is another random token: ~S\n" (randtok)) |
| ...))) |
Note that you may wish to disable buffering of the input port, as is done above.
| (current-random-byte-file) → any/c |
| (current-random-byte-file x) → void? |
| x : any/c |
This parameter is a filename for a source of random bytes. It is used by procedure random-token-string. The default value is "/dev/random".
| (random-token-string len) → any/c |
| len : any/c |
This is a convenient procedure for generating alphanumeric random token strings, using upper-case and lower-case Latin letters and Arabic digits. The length defaults to 8. For example:
| (random-token-string) ==> "SW6gu2gw" |
| (random-token-string) ==> "9RjdZxyj" |
| (random-token-string 20) ==> "thCOmSte6OXWByxtn0G5" |
Note that reusing the output of make-random-token-string-maker will be more efficient in some cases.
2 History
Version 0.1 – 2009-06-07 – PLaneT (1 0)
First release.
3 Legal
Copyright (c) 2009 Neil Van Dyke. This program is Free Software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either version 3 of the License (LGPL 3), or (at your option) any later version. This program is distributed in the hope that it will be useful, but without any warranty; without even the implied warranty of merchantability or fitness for a particular purpose. See http://www.gnu.org/licenses/ for details. For other licenses and consulting, please contact the author.