So in my last post I mentioned random numbers, and talked about needing to trade off between security, speed, and the randomness of the source of random numbers. I stand by the considerations that need to be made, but it was brought to my attention that I was looking at math/rand in go where they also have crypto/rand which makes using /dev/urandom much simpler. The trade offs are the same in practice, but the work was much easier to implement that way, so thank you Liam

I was also mocked by a colleague for not having anything ready to use yet, so I’ve uploaded what I have so far. Feel free to use it Ols. But do keep in mind this is still a work in progress. The locations are now stored for 30 minutes, as are the keys.

There’s quite a bit I still need to do before I would consider this to even being close to a useful product.

  • It needs some form of user authentication.
  • That needs coupling with authorisation, to limit who can read locations, or generate new keys.
  • It has a lot of hard coded variables, these need spinning out into a config file.
  • It really needs some one with design skills to make it less ugly.

But for now this is what I have, and if I look back at my initial blog post announcing this project, the title included the rather arrogant question “How hard can it be?”. So far, actually, not very.

posted at 02:11:00 PM on 7 Sep 2019 by Craig Stewart

Tags:project sysadmin golang location-finder