    #1
    .
    Devshed Newbie (0 - 499 posts)

    Join Date
    Dec 2002
    Posts
    296
    Rep Power
    12

    rubbish/garbage values


    i've always found the idea of the 'garbage' values quite interesting - the values that variables have before initialisation. is there any use for them? maybe in creating random numbers, which seems to be quite a hard thing to do? - creating true random numbers? am i right in thinking that the garbage values are the values that the memory had before your code came along? if that is the case why aren't they usually just 0? are they the remnants of another app maybe? do they depend on which platform you're on?

    Code:
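    #include <stdio.h>

    int main(void)
    {
    	int x, array[100];	/* array is deliberately left uninitialised */
    	for(x=0; x<100; x++)
    		printf("%d ", array[x]);	/* prints whatever the stack held before */
    	return 0;
    }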
    Code:
    -1073742660 -1073742664 0 -1073742668 -1073742672
    -1880833760 13788 -1881090976 -1073742752 0 -1881090472 0 1539
    4096 -1073742304 -1881061032 -1073742752 -1879004448
    -1880824864 -1881060560 -1073742752 -1073742296 -1881060552 0
    -1073742736 72 -1881051448 2051 1539 0 0 0 0 8228 13668 14185
    -1880833760 -1879004448 -1880824864 -1881080400 -1073742624
    -1880838348 -1881078908 -1880833760 -1073742656 0 -1073742308 8
    1 1140850688 0 0 0 0 0 8 1 -1073742296 -1073742304 -1881066664
    -1878034140 -1880838725 -1880833760 -1880833760 -1073742576 0
    -1073742308 8 1 -1073742296 -1073742304 -1073742624 -1073742496
    0 -1881141568 -1879018832 -1073742496 1795 -1879018592 6900
    -1073742496 -1073742296 6932 7368 -1073742496 0 -1881052852
    -1073742432 -1880849072 -1880848696 -1880849072 47 8057 0 0
    -1073742296 -1881066684 0 -1073742308 8
    ___________mac os x
  2. #2
  3. not a fan of fascism (n00b)
    Devshed Frequenter (2500 - 2999 posts)

    Join Date
    Feb 2003
    Location
    ct
    Posts
    2,756
    Rep Power
    95
    i believe that they are whatever was stored in the memory location previously, but i'm not 100% sure. and to create true random numbers every time a program runs, try this:

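    #include <ctime>
    #include <cstdlib>

    int main()
    {
        srand(time(0));   // seed the generator from the current clock time
        int x = rand();   // first value of the sequence for that seed
        return 0;
    }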

    -using the time() func. gets the seed from the current time on the computer clock, thus making it true randomness.
  4. #3
    Contributing User
    Devshed God 1st Plane (5500 - 5999 posts)

    Join Date
    Oct 2000
    Location
    Back in the real world.
    Posts
    5,966
    Rep Power
    190
    are they the remnants of another app maybe?
    hopefully not! this would be a big time security problem...

    do they depend on which platform you're on?
    definitively.
    on the one hand i doubt you can predict them, on the other - don't use them for creating random values. maybe for seeding the random number generator, but still, they might be the same after each reboot... (never tried anything like that, by definition they are "undefined", thus don't rely on anything related to them. not on them being the same nor on them being different.)
  6. #4
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Feb 2003
    Location
    Right Coast
    Posts
    25
    Rep Power
    0

    they are remnants


    The garbage value is whatever was there before. An OS is not going to bother "sweeping" a memory location clean, but rather registers the fact that an area is again available to be used.

    There is not much you can do about leaving data behind, in terms of another app, unless YOU explicitly clear data values to NULL (\0) or 0 on your way out. Even this suggestion is dubious as you can never tell where the OS is going to plunk your binary in memory.

    J
  8. #5
    .
    Devshed Newbie (0 - 499 posts)

    Join Date
    Dec 2002
    Posts
    296
    Rep Power
    12

    Re: they are remnants


    The garbage value is whatever was there before.
    makes sense. what else would they be? so in posting those values above, i could have made something very personal public. oh well.

    hmm, they don't seem quite so fascinating to me, now their mystique has been removed. but still interesting.
  10. #6
    Contributing User
    Devshed God 1st Plane (5500 - 5999 posts)

    Join Date
    Oct 2000
    Location
    Back in the real world.
    Posts
    5,966
    Rep Power
    190
    Does this also mean: For any variable that contains sensitive information like passwords, you really should overwrite it with "0"s after you don't need it anymore?

    I think: I write a program. It scans for strings in the whole memory area it can access. In a shared-hosting environment eg., would i find other people's passwords and program code then?
    ... scary ... really scary ...

    I never thought about this before... I need to check this for the apache web server / php interpreter, maybe this needs to be added to "#1 security measures". Does anyone know if this problem is unique to certain OSs and if the php developers eg. did address this already?
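The remnant question raised in the posts above, as an added example that is not part of the original thread: a constructed one-block allocator hands the same memory to two users in turn, and the second user inherits the first user's password unless it was wiped before release. The names `blk_alloc`, `blk_free`, `secure_wipe`, `handle_login` and `leftover_bytes`, and the sample password, are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define BLOCK 32

/* Constructed allocator: one block, and "free" does not clear it. */
static unsigned char pool[BLOCK];
static void *blk_alloc(void) { return pool; }
static void blk_free(void *p) { (void)p; /* marked reusable, contents kept */ }

/* Zero through a volatile pointer so the stores are not dropped as dead writes. */
static void secure_wipe(void *buf, size_t len)
{
    volatile unsigned char *p = buf;
    while (len--)
        *p++ = 0;
}

/* First user of the block: stores a secret, optionally wipes it before release. */
static void handle_login(const char *password, int wipe)
{
    char *buf = blk_alloc();
    strncpy(buf, password, BLOCK - 1);
    buf[BLOCK - 1] = '\0';
    if (wipe)
        secure_wipe(buf, BLOCK);
    blk_free(buf);
}

/* Next user of the same block: counts the non-zero bytes it inherits. */
static size_t leftover_bytes(void)
{
    unsigned char *buf = blk_alloc();
    size_t i, n = 0;
    for (i = 0; i < BLOCK; i++)
        if (buf[i] != 0) n++;
    blk_free(buf);
    return n;
}

int main(void)
{
    handle_login("hunter2-constructed", 0);   /* constructed sample secret */
    printf("without wipe: %zu leftover bytes\n", leftover_bytes());
    handle_login("hunter2-constructed", 1);
    printf("with wipe:    %zu leftover bytes\n", leftover_bytes());
    return 0;
}
```

A plain `memset` just before the buffer goes out of use can be removed by an optimising compiler as a dead store, which is why the wipe goes through a `volatile` pointer here.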
  12. #7
    Offensive Member
    Devshed Novice (500 - 999 posts)

    Join Date
    Oct 2002
    Location
    in the perfect world
    Posts
    622
    Rep Power
    27
    >>would i find other people's passwords and program code then?


    AFAIK Win NT based systems leave the password in encrypted form at all times after it has been entered. The password is loaded from file encrypted and the input encrypted and then both compared.

    Finding the right 8 or so bytes in 100Mb of used mem might not be easy.

    In my apps I always encrypt or overwrite the data with an un-initialised section of mem. Just in case.


    >>and to create true random numbers every time a program runs, try this:

    Try sending in the same value to the seed and see how much 'true randomness' you really have. (rand() is just a list of numbers and the seed is the starting position)
  14. #8
    Junior Member
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jan 2003
    Posts
    3
    Rep Power
    0
    srand(time(0));
    x = rand();

    This DOESN'T give true random numbers infamous, it's still pseudo random. The only way to get 100% true random numbers is to use special hardware.
  16. #9
  17. not a fan of fascism (n00b)
    Devshed Frequenter (2500 - 2999 posts)

    Join Date
    Feb 2003
    Location
    ct
    Posts
    2,756
    Rep Power
    95
    why doesn't the clock seed create true random numbers?
  18. #10
    Contributing User
    Devshed God 1st Plane (5500 - 5999 posts)

    Join Date
    Oct 2000
    Location
    Back in the real world.
    Posts
    5,966
    Rep Power
    190
    because "true random" says "unpredictable", but the numbers generated from rand() come from a mathematical formula. if you can predict the seed, you know all of the following numbers... They'll be always the same.

    You could argue: But no one can predict the exact milliseconds when i started this program. I answer: But if you know it +/- some minutes (maybe even hours?), a standard PC can brute-force all of them ;)
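The point made in the post above, as an added example that is not part of the original thread: when the seed is a clock value known to within an hour, comparing a few observed `rand()` outputs against every candidate seed in that window identifies the seed, which is why a time-seeded `rand()` is unfit for keys, tokens or passwords. The start time, the one-hour window and the function names are constructed assumptions.

```c
#include <stdio.h>
#include <stdlib.h>

#define NOBS 3

/* Fill out[] with the first NOBS values rand() yields for a given seed. */
static void first_outputs(unsigned seed, int out[NOBS])
{
    int i;
    srand(seed);
    for (i = 0; i < NOBS; i++)
        out[i] = rand();
}

/* Try every seed in [guess - slack, guess + slack]; return the first one whose
 * outputs match what was observed, or 0 if none does. */
static unsigned recover_seed(const int seen[NOBS], unsigned guess, unsigned slack)
{
    unsigned s;
    int i, cand[NOBS];
    for (s = guess - slack; s <= guess + slack; s++) {
        first_outputs(s, cand);
        for (i = 0; i < NOBS && cand[i] == seen[i]; i++)
            ;
        if (i == NOBS)
            return s;
    }
    return 0;
}

int main(void)
{
    /* Constructed scenario: the program was started at this Unix time ... */
    const unsigned start = 1045228800u;
    int seen[NOBS];
    first_outputs(start, seen);
    /* ... and the observer knows the start time only to within an hour. */
    printf("recovered seed: %u\n", recover_seed(seen, start + 1234u, 3600u));
    return 0;
}
```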
  20. #11
  21. not a fan of fascism (n00b)
    Devshed Frequenter (2500 - 2999 posts)

    Join Date
    Feb 2003
    Location
    ct
    Posts
    2,756
    Rep Power
    95
    interesting M Hircsh. my next question would then be, how does one go about generating true random numbers? or how exactly does this software work that achieves this? any relation to the 1way functions that are used in generating public/private keys in encryption?
  22. #12
    .
    Devshed Newbie (0 - 499 posts)

    Join Date
    Dec 2002
    Posts
    296
    Rep Power
    12
    rand() has always been known to be pseudorand(). rand() takes numbers from a pre-written list of numbers in your computer. srand decides where you jump into that long list. not sure if the list of 'random' numbers are different on each computer or not? [edit> almost definitely not thinking about it now.] also not sure how many numbers make up this 'random' number list?

    i believe that some people believe that random numbers gained via any algorithm simply aren't going to be random, which i'm inclined to think myself. if you google for c code random number generator, you can find code that's *pages* long that say they generate random numbers. pgp, when i made an encrypted disk partition, required me to jiggle my mouse round for a while to get a random number.
    Last edited by balance; February 14th, 2003 at 01:21 PM.
  24. #13
    Contributing User
    Devshed God 1st Plane (5500 - 5999 posts)

    Join Date
    Oct 2000
    Location
    Back in the real world.
    Posts
    5,966
    Rep Power
    190
    moving your mouse and/or typing on the keyboard is much more random than using the time as seed...

    infamous41md, you can not create true random numbers using software at all. There is special hardware on the market for this task.
  26. #14
  27. Banned ;)
    Devshed Supreme Being (6500+ posts)

    Join Date
    Nov 2001
    Location
    Woodland Hills, Los Angeles County, California, USA
    Posts
    9,607
    Rep Power
    4247
    One way to do this is to use noise diodes (i.e.) diodes that are set up in a circuit past their normal characteristics, where they generate white noise. http://www.avtechpulse.com/faq.html/IV.8/

    There was this story of one swedish computer (built by SAAB in the mid 50s, if I recall correctly) which supposedly had a random channel which used noise diodes. Programs could read input from the random channel to get a stream of random numbers. Apparently no one used this feature though, because once the diodes heated up, they would all return 1 bits :)

    Here's how to build a random bit generator:
    http://positron.jfet.org/hw-rng.html
  28. #15
    .
    Devshed Newbie (0 - 499 posts)

    Join Date
    Dec 2002
    Posts
    296
    Rep Power
    12
    built by saab! amazing. you would have thought that some sort of random number generator would have become a standard built in hardware feature of computers? i'm surprised it hasn't.