So in my last post I mentioned random numbers, and talked about needing to trade off between security, speed, and the randomness of the source of random numbers. I stand by the considerations that need to be made, but it was brought to my attention that I was looking at math/rand in Go, where they also have crypto/rand, which makes using /dev/urandom much simpler. The trade-offs are the same in practice, but the work was much easier to implement that way, so thank you Liam:
I'd try crypto/rand. There seems to be a debate about having to create the seed for math/rand but apparently that's not something they are planning on fixing as it's not meant for true randomness.
— liam sorsby (@liamsorsby) September 2, 2019
I was also mocked by a colleague for not having anything ready to use yet, so I’ve uploaded what I have so far. Feel free to use it, Ols. But do keep in mind this is still a work in progress. The locations are now stored for 30 minutes, as are the keys.
There’s quite a bit I still need to do before I would consider this to be even close to a useful product.
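As an added illustration (not the code uploaded for this project), here is one way key generation with crypto/rand and a 30-minute expiry can fit together in Go. The names NewKey, KeyStore, Issue and Valid are hypothetical, and the 32-byte key length is an assumption.

```go
package main

import (
	"crypto/rand"
	"encoding/base64"
	"fmt"
	"time"
)

// keyTTL is the 30-minute lifetime the post gives for keys.
const keyTTL = 30 * time.Minute

// NewKey returns nBytes read from crypto/rand, URL-safe base64 encoded (no seeding needed).
func NewKey(nBytes int) (string, error) {
	buf := make([]byte, nBytes)
	if _, err := rand.Read(buf); err != nil {
		return "", fmt.Errorf("reading random bytes: %w", err)
	}
	return base64.RawURLEncoding.EncodeToString(buf), nil
}

// KeyStore is a hypothetical map of key -> expiry; guard it with a mutex if shared between goroutines.
type KeyStore map[string]time.Time

// Issue creates a 256-bit key (assumed length) that expires keyTTL after now.
func (s KeyStore) Issue(now time.Time) (string, error) {
	key, err := NewKey(32)
	if err != nil {
		return "", err
	}
	s[key] = now.Add(keyTTL)
	return key, nil
}

// Valid reports whether key is known and unexpired; expired keys are deleted.
func (s KeyStore) Valid(key string, now time.Time) bool {
	exp, ok := s[key]
	if ok && !now.Before(exp) {
		delete(s, key)
		ok = false
	}
	return ok
}

func main() {
	store, now := KeyStore{}, time.Now()
	key, err := store.Issue(now)
	fmt.Println(key, err, store.Valid(key, now.Add(31*time.Minute)))
}
```

Passing the current time in as a parameter keeps the expiry logic testable without waiting 30 minutes.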
- It needs some form of user authentication.
- That needs coupling with authorisation, to limit who can read locations, or generate new keys.
- It has a lot of hard-coded variables; these need spinning out into a config file.
- It really needs someone with design skills to make it less ugly.
But for now this is what I have, and if I look back at my initial blog post announcing this project, the title included the rather arrogant question “How hard can it be?”. So far, actually, not very.