[tor-bugs] #23061 [Core Tor/Tor]: crypto_rand_double() should produce all possible outputs on platforms with 32-bit int
Tor Bug Tracker & Wiki
blackhole at torproject.org
Wed Aug 2 21:33:34 UTC 2017
#23061: crypto_rand_double() should produce all possible outputs on platforms with
32-bit int
-------------------------------------------------+-------------------------
Reporter: teor | Owner: nickm
Type: defect | Status:
| needs_revision
Priority: Medium | Milestone: Tor:
| 0.3.2.x-final
Component: Core Tor/Tor | Version: Tor:
| 0.2.2.14-alpha
Severity: Normal | Resolution:
Keywords: tor-relay, security-low, privcount, | Actual Points: 0.5
031-backport, 030-backport, 029-backport, 028 |
-backport-maybe, 027-backport-maybe, 026 |
-backport-maybe |
Parent ID: | Points: 0.1
Reviewer: | Sponsor:
| SponsorQ
-------------------------------------------------+-------------------------
Comment (by teor):
Replying to [comment:10 catalyst]:
> Replying to [comment:9 teor]:
> > It might be ok to only have 48 bits of entropy. Or we could extend
that scheme to give us 52 (or >52 with subnormals).
>
> Would we have to do something different to make sure the subnormal
values are uniform with the others?
If the architecture supports subnormals, ldexp() generates them, and +
correctly handles them, then this code will work:
{{{
unsigned short rseed[4];
crypto_rand(rseed, sizeof rseed);
return ldexp((double) rseed[0], -64) +
ldexp((double) rseed[1], -48) +
ldexp((double) rseed[2], -32) +
ldexp((double) rseed[3], -16);
}}}
It's much better than bit-stuffing, because it doesn't depend on how
subnormals are implemented.
Modified from:
https://github.com/libressl-
portable/openbsd/blob/master/src/lib/libc/stdlib/drand48.c
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/23061#comment:11>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list