debian/0000755000000000000000000000000012113604205007160 5ustar debian/upstream.changelog0000644000000000000000000000270412113604201012670 0ustar Incompressible Data? SHARND generates cryptographically secure pseudo random files (I think. I am looking for feedback). These should not be compressible by any algorithm that does not know the key used to generate it. To use: sharnd key n to generate the n-byte random file, sharnd.out. The key can be any ASCII string (quoted if it contains spaces). Data is generated as a series of 20-byte strings, x[1], x[2], x[3]... such that x[i] = SHA1(x[i-1] + key), and x[0] = 0. [118]sharnd.c, June 7, 2004 [119]sha1.c from RFC 3174 [120]sha1.h from RFC 3174 [121]sharnd.exe, 29,860 bytes (16 bit Windows executable, compiled with g++, UPX) [122]sharnd.32.exe, 27,220 bytes (32 bit Windows executable) [123]sharnd.64.exe, 68,096 bytes (64 bit Windows executable) The 100,000 byte file [124]sharnd_challenge.dat posted on June 21, 2004 was generated by sharnd using a secret key. The SHARND challenge is to guess either the key (an ASCII string less than 80 bytes) or any of the bytes following the data. Furthermore, without knowing the key, it is believed to be impossible to compress this file, i.e. to find a decompression program such that its size (as source code or executable) plus the size of its input is 99,999 bytes or less. (Of course, such a program does exist. It is posted here, and its input is less than 80 bytes). __________________________________________________________________ debian/patches/0000755000000000000000000000000012113604201010603 5ustar debian/patches/10-sharnd.c.patch0000644000000000000000000000355612113604201013553 0ustar From 53d74a189ef7af2360b904bbbbbe493405a0f8ce Mon Sep 17 00:00:00 2001 From: Jari Aalto Date: Fri, 28 May 2010 20:00:44 +0300 Subject: [PATCH] sharnd.c: increase sizes, update name Organization: Private Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 8bit Signed-off-by: Jari Aalto --- sharnd.c | 13 +++++++------ 1 files changed, 7 insertions(+), 6 deletions(-) diff --git a/sharnd.c b/sharnd.c index 243c200..5be1ba6 100644 --- a/sharnd.c +++ b/sharnd.c @@ -71,17 +71,18 @@ void test(int err, const char* msg) { } int main(int argc, char** argv) { - int n, i, len; + size_t len, i; + long n; FILE* f; static unsigned char buf[20] = {0}; SHA1Context sha; /* Get args */ if (argc < 2) { - fprintf(stderr, "To generate n secure random bytes: sharnd key n\n"); + fprintf(stderr, "To generate n secure random bytes: sharand KEY COUNT\n"); exit(1); } - n = argc > 2 ? atoi(argv[2]) : 0; /* Number of bytes to output */ + n = argc > 2 ? atol(argv[2]) : 0; /* Number of bytes to output */ /* Print a hash of the key */ len = strlen(argv[1]); /* key length */ @@ -96,14 +97,13 @@ int main(int argc, char** argv) { /* Open output file */ if (n < 1) return 0; - f = fopen("sharnd.out", "wb"); + f = fopen("sharand.out", "wb"); if (!f) { - perror("sharnd.out"); + perror("sharand.out"); exit(1); } /* Generate random data */ - printf("Writing %d random bytes to sharnd.out...\n", n); while (n > 0) { test(SHA1Reset(&sha), "SHA1Reset"); test(SHA1Input(&sha, buf, 20), "SHA1Input hash"); @@ -112,6 +112,7 @@ int main(int argc, char** argv) { fwrite(buf, 1, (n > 20 ? 20 : n), f); n -= 20; } + printf("Wrote sharand.out (%ld bytes)\n", n); fclose(f); return 0; } -- 1.7.0 debian/patches/series0000644000000000000000000000002212113604201012012 0ustar 10-sharnd.c.patch debian/compat0000644000000000000000000000000212113604201010352 0ustar 9 debian/control0000644000000000000000000000131412113604201010556 0ustar Source: sharand Section: non-free/utils Priority: optional Maintainer: Jari Aalto Build-Depends: debhelper (>= 9) Standards-Version: 3.9.4 Vcs-Browser: http://git.debian.org/?p=collab-maint/sharand.git Vcs-Git: git://git.debian.org/git/collab-maint/sharand.git Homepage: http://mattmahoney.net/dc Package: sharand Architecture: any Depends: ${shlibs:Depends}, ${misc:Depends} Description: generate cryptographically secure pseudo random file SHA1-RANDOM generates cryptographically secure pseudo random output which should not be compressible by any algorithm that does not know the key used to generate it. Without knowing the key, it is believed to be impossible to compress this file. debian/README.source0000644000000000000000000000040712113604201011334 0ustar Sources for Debian ------------------ This package was put together by downloading Matt Mahoney's code and saving the sha1.[ch] code from RFC 3174. See debian/copyright for RFC information. -- Jari Aalto , Fri, 28 May 2010 20:11:27 +0300 debian/install0000644000000000000000000000002012113604201010535 0ustar sharand usr/bin debian/changelog0000644000000000000000000000332512113604201011031 0ustar sharand (0.0.20120307-2) unstable; urgency=low * debian/control - (Standards-Version): Update to 3.9.4. * debian/copyright - Update year. * debian/rules (override_dh_auto_build): Correct typo in CPPFLAGS variable Patch thanks to Simon Ruderich (Closes: #663980, #663923). -- Jari Aalto Thu, 28 Feb 2013 09:27:40 +0200 sharand (0.0.20120307-1) unstable; urgency=low * New upstream release - Licence change from GPL to MIT to. * debian/copyright - Update to format 1.0 - Upstream changed license to MIT. * debian/control - (Build-Depends): Rm dpkg-dev; not needed with debhelper 9. - (Standards-Version): Update to 3.9.3. * debian/pod2man.mk - Minor updates. * debian/repack.sh - Delete. Not used. * debian/rules - Enable all hardening flags. - Delete buildflags.mk; not needed with debhelper 9. - Migrate to DEB_*_MAINT_APPEND variables. * debian/upstream.changelog - New file. -- Jari Aalto Wed, 07 Mar 2012 00:13:53 -0500 sharand (0.0.20040607-2) unstable; urgency=low * debian/compat - Update to 9 * debian/control - (Build-Depends): update to debhelper 9, dpkg-dev 1.16.1. - (Section): Move from main to non-free/utils (Closes: #659645). * debian/copyright - (X-Comment): Mention that RFC licensed code is non-free. * debian/rules - Use hardened CFLAGS. http://wiki.debian.org/ReleaseGoals/SecurityHardeningBuildFlags -- Jari Aalto Sun, 12 Feb 2012 16:11:35 -0500 sharand (0.0.20040607-1) unstable; urgency=low * Initial release (Closes: #583601). -- Jari Aalto Fri, 28 May 2010 20:06:52 +0300 debian/watch0000644000000000000000000000013012113604201010177 0ustar # version=3 # There is no source package to watch, Download *.c directly from homepage. debian/sharand.1.pod0000644000000000000000000000621612113604201011444 0ustar # Copyright # # Copyright (C) 2010 Jari Aalto # # License # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 3 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . # # Description # # To learn what TOP LEVEL section to use in manual pages, # see POSIX/Susv standard and "Utility Description Defaults" at # http://www.opengroup.org/onlinepubs/009695399/utilities/xcu_chap01.html#tag_01_11 # # This is manual page in Perl POD format. Read more at # http://perldoc.perl.org/perlpod.html or run command: # # perldoc perlpod | less # # To check the syntax: # # podchecker *.pod # # Create manual page with command: # # pod2man PAGE.N.pod > PAGE.N =pod =head1 NAME sharand - generate cryptographically secure pseudo random file =head1 SYNOPSIS sharand key sharand key count-of-bytes =head1 DESCRIPTION SHA1-RANDOM generates cryptographically secure pseudo random files which should not be compressible by any algorithm that does not know the key used to generate it. Without knowing the key, it is believed to be impossible to compress this file. The command: sharand key prints the SHA1 hash of the key, which can be any ASCII string. If the string has spaces, then enclose it in quotes. Command: sharand key n works as above and also creates the file C with length n bytes containing cryptographically secure pseudo random numbers. Given all but one bit of the file, it is not possible to guess the remaining bit with probability greater than 1/2 unless you know the key. The output is a series of 20 byte strings, x[1], x[2], ... x[n/20] such that: x[i] = SHA1(x[i-1] + key) where x[0] is a string of 0 bytes, and + denotes concatenation. =head1 OPTIONS None. =head1 EXAMPLES Basic use: $ sharand abc 50 Key hash = A9 99 3E 36 47 06 81 6A BA 3E 25 71 78 50 C2 6C 9C D0 D8 9D Wrote sharand.out (50 bytes) The contents of sharnad.out $ od -x sharand.out 7D DF 37 9E DB 9F 0E 14 1F 6D AD EF EC 28 F0 60 2B 2A 76 A8 49 54 13 F2 6E DA 0F 19 CD D9 26 6C 46 8A 2D 17 8B 76 24 C0 0D D1 80 4F E7 22 6C 2A 9A C9 =head1 ENVIRONMENT None. =head1 FILES Program's output is written to C. =head1 STANDARDS "US Secure Hash Algorithm 1 (SHA1)" http://www.rfc-editor.org/rfc/rfc3174.txt =head1 SEE ALSO crypt(1) =head1 AUTHORS Program was written by Matt Mahoney This manual page was written by Jari Aalto . Released under license GNU GPL version 2 or (at your option) any later version. For more information about license, visit . =cut debian/rules0000755000000000000000000000131312113604201010232 0ustar #!/usr/bin/make -f PACKAGE = sharand export DEB_BUILD_MAINT_OPTIONS = hardening=+all export DEB_CFLAGS_MAINT_APPEND = -Wall -pedantic export DEB_LDFLAGS_MAINT_APPEND = -Wl,--as-needed CHANGELOG = debian/upstream.changelog URL = http://mattmahoney.net/dc # Run manually as needed. get-changelog: lynx -dump $(URL) | \ awk '/Incompressible Data/,/_____/ {print} ' \ > $(CHANGELOG) man: $(MAKE) -C debian -f pod2man.mk PACKAGE=$(PACKAGE) makeman override_dh_installchangelogs: dh_installchangelogs $(CHANGELOG) override_dh_auto_build: man $(CC) $(CFLAGS) $(CPPFLAGS) -I. -c sha1.c $(CC) $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) -I. -o $(PACKAGE) shar*.c *.o %: dh $@ .PHONY: man get-changelog # End of file debian/copyright0000644000000000000000000001466612113604201011124 0ustar Format: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0 Upstream-Name: sharand Upstream-Contact: Matt Mahoney , Source: http://mattmahoney.net/dc Files: sharnd.c Copyright: 2004, 2012 Matt Mahoney License: MIT-X11 Files: debian/* Copyright: 2010-2013 Jari Aalto License: GPL-2+ Files: sha1.c Copyright: 2001 The Internet Society X-Comment: See Bug#659645 by Sam Geeraerts : . To my understanding that means you can extend, but not modify the text/ code in this file. This violates DFSG. . It looks like this code was copied straight from RFC 3174. I found a discussion [2] on debian-legal from a few years back that says that RFC texts are non-free (except for the first 1000 or so). A summary about copyright on RFC Editor [3] says that derivative works are allowed, but doesn't go into detail. . [1] http://www.rfc-editor.org/rfc/rfc3174.txt [2] http://lists.debian.org/debian-legal/2006/04/msg00223.html [3] http://www.rfc-editor.org/copyright.17Feb04.html X-License-Info: The "US Secure Hash Algorithm 1 (SHA1)" as presented in http://datatracker.ietf.org/doc/rfc3174. The code also contain additional text as follows: /* * sha1.c * * Description: * This file implements the Secure Hashing Algorithm 1 as * defined in FIPS PUB 180-1 published April 17, 1995. * * The SHA-1, produces a 160-bit message digest for a given * data stream. It should take about 2**n steps to find a * message with the same digest as a given message and * 2**(n/2) to find any two messages with the same digest, * when n is the digest size in bits. Therefore, this * algorithm can serve as a means of providing a * "fingerprint" for a message. * * Portability Issues: * SHA-1 is defined in terms of 32-bit "words". This code * uses (included via "sha1.h" to define 32 and 8 * bit unsigned integer types. If your C compiler does not * support 32 bit unsigned integers, this code is not * appropriate. * * Caveats: * SHA-1 is designed to work with messages less than 2^64 bits * long. Although SHA-1 allows a message digest to be generated * for messages of any number of bits less than 2^64, this * implementation only works with messages with a length that is * a multiple of the size of an 8-bit character. * */ License: RFC Files: sha1.h Copyright: 2001 The Internet Society X-License-Info: The "US Secure Hash Algorithm 1 (SHA1)" as presented in http://datatracker.ietf.org/doc/rfc3174. The code also contain additional text as follows: /* * sha1.h * * Description: * This is the header file for code which implements the Secure * Hashing Algorithm 1 as defined in FIPS PUB 180-1 published * April 17, 1995. * * Many of the variable names in this code, especially the * single character names, were used because those were the names * used in the publication. * * Please read the file sha1.c for more information. * */ License: RFC License: MIT-X11 . Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. . THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. License: GPL-2+ This package is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License version 2 as published by the Free Software Foundation. . This package is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. . You should have received a copy of the GNU General Public License along with this program. If not, see . X-License-Info: On Debian systems, the complete text of the GNU General Public License can be found in "/usr/share/common-licenses/GPL-2". License: RFC [from RFC 3174, page 22] Full Copyright Statement . Copyright (C) The Internet Society (2001). All Rights Reserved. . This document and translations of it may be copied and furnished to others, and derivative works that comment on or otherwise explain it or assist in its implementation may be prepared, copied, published and distributed, in whole or in part, without restriction of any kind, provided that the above copyright notice and this paragraph are included on all such copies and derivative works. However, this document itself may not be modified in any way, such as by removing the copyright notice or references to the Internet Society or other Internet organizations, except as needed for the purpose of developing Internet standards in which case the procedures for copyrights defined in the Internet Standards process must be followed, or as required to translate it into languages other than English. . The limited permissions granted above are perpetual and will not be revoked by the Internet Society or its successors or assigns. . This document and the information contained herein is provided on an "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. debian/source/0000755000000000000000000000000012113604201010454 5ustar debian/source/format0000644000000000000000000000001412113604201011662 0ustar 3.0 (quilt) debian/pod2man.mk0000644000000000000000000000345312113604201011052 0ustar # pod2man.mk -- Makefile portion to convert *.pod files to manual pages # # Copyright information # # Copyright (C) 2008-2010 Jari Aalto # # License # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . # # Description # # Convert *.pod files to manual pages. Add this to Makefile: # # PACKAGE = package # # man: # make -f pod2man.mk PACKAGE=$(PACKAGE) makeman # # build: man ifneq (,) This makefile requires GNU Make. endif # This variable *must* be set when called PACKAGE ?= package # Optional variables to set MANSECT ?= 1 PODCENTER ?= User Commands PODDATE ?= $$(date "+%Y-%m-%d") # Directories MANSRC ?= MANDEST ?= $(MANSRC) MANPOD ?= $(MANSRC)$(PACKAGE).$(MANSECT).pod MANPAGE ?= $(MANDEST)$(PACKAGE).$(MANSECT) POD2MAN ?= pod2man POD2MAN_FLAGS ?= --utf8 makeman: $(MANPAGE) $(MANPAGE): $(MANPOD) # make target - create manual page from a *.pod page podchecker $(MANPOD) LC_ALL= LANG=C $(POD2MAN) $(POD2MAN_FLAGS) \ --center="$(PODCENTER)" \ --date="$(PODDATE)" \ --name="$(PACKAGE)" \ --section="$(MANSECT)" \ $(MANPOD) \ | sed 's,[Pp]erl v[0-9.]\+,$(PACKAGE),' \ > $(MANPAGE) && \ rm -f pod*.tmp # End of of Makefile part debian/clean0000644000000000000000000000002712113604201010160 0ustar sharand debian/*.1 *.o debian/manpages0000644000000000000000000000001312113604201010664 0ustar debian/*.1