cybersecurity · beginner · ~10 min

Pick the right entropy source for the use case

Match entropy source to the use case.

Challenge

For each use case below, return the recommended source as an int:

  • 0 = rand() — fast, deterministic with srand seed (NOT for security)
  • 1 = /dev/urandom — cryptographic, always-available, blocks only on very early boot
  • 2 = getrandom(2) syscall — Linux 3.17+, preferred, no fd needed

Implement int recommend_entropy_source(int use_case), where use_case is one of:

  • 0 = picking a Bingo number for a game UI
  • 1 = generating a session token for a web server
  • 2 = seeding a cryptographic nonce
  • 3 = filling a debugging buffer with garbage
  • 4 = generating a CSRF token

Return:

  • 0 for cases 0 and 3 (non-security).
  • 2 for cases 1, 2, 4 (security — prefer getrandom).
  • -1 for unknown use_case.

Why this matters

rand() seeded with srand(time(NULL)) is the entropy source behind too many security CVEs. Choosing the right call matters.

Input format

Use-case integer.

Output format

0 / 2 / -1.

Constraints

No real syscalls.

Starter code

int recommend_entropy_source(int use_case) { /* TODO */ (void)use_case; return -1; }

Common mistakes

Using rand() for security. Using /dev/urandom when getrandom is available.
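
The contrast behind "Why this matters" and the mistakes above, as an added example that is not part of the original exercise or its test harness: a rand()-based token is rebuilt exactly from its seed, while getrandom(2) draws from the kernel CSPRNG. The function names, TOKEN_LEN and the seed value are constructed for illustration, and the code assumes Linux with glibc 2.25 or later.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/random.h>  /* getrandom(2) wrapper, glibc 2.25+ */

#define TOKEN_LEN 16  /* illustrative token size, an assumption */

/* WEAK: rand() is deterministic, so the same seed always rebuilds the
 * same "token". For contrast only; never use this for security. */
void weak_token(unsigned int seed, unsigned char out[TOKEN_LEN]) {
    srand(seed);
    for (int i = 0; i < TOKEN_LEN; i++)
        out[i] = (unsigned char)(rand() & 0xff);
}

/* HARDENED: fill buf from the kernel CSPRNG with getrandom(2).
 * Retries on EINTR and short reads. Returns 0 on success, -1 on error. */
int secure_bytes(void *buf, size_t len) {
    unsigned char *p = buf;
    while (len > 0) {
        ssize_t n = getrandom(p, len, 0);  /* 0: wait until pool is seeded */
        if (n < 0) {
            if (errno == EINTR) continue;
            return -1;  /* e.g. ENOSYS on kernels older than 3.17 */
        }
        p += n;
        len -= (size_t)n;
    }
    return 0;
}

/* 1 if two weak tokens built from the same seed are byte-identical. */
int weak_token_repeats(unsigned int seed) {
    unsigned char a[TOKEN_LEN], b[TOKEN_LEN];
    weak_token(seed, a);
    weak_token(seed, b);
    return memcmp(a, b, TOKEN_LEN) == 0;
}

/* 1 if two getrandom-backed tokens differ, 0 if equal, -1 on error. */
int secure_tokens_differ(void) {
    unsigned char a[TOKEN_LEN], b[TOKEN_LEN];
    if (secure_bytes(a, sizeof a) || secure_bytes(b, sizeof b)) return -1;
    return memcmp(a, b, TOKEN_LEN) != 0;
}

int main(void) {  /* seed below is a constructed stand-in for time(NULL) */
    printf("%d %d\n", weak_token_repeats(1700000000u), secure_tokens_differ());
    return 0;
}
```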

Edge cases to handle

Unknown use_case.

Complexity

O(1).
