|
From: | Markus Mützel |
Subject: | [Octave-bug-tracker] [bug #58800] BIST for rng sometimes fails |
Date: | Fri, 24 Jul 2020 03:04:39 -0400 (EDT) |
User-agent: | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.89 Safari/537.36 Edg/84.0.522.40 |
Update of bug #58800 (project octave): Status: Confirmed => Patch Submitted _______________________________________________________ Follow-up Comment #17: Thank you for the review. I agree that it is not necessary to pass the lower bound to the uniform_int_distribution constructor. I also agree that it is enough to add only one element from the non-deterministic source to the initialization vector to ensure that the seed changes. While Octave's random number generator is probably not meant for encryption purposes, imho we should nevertheless attempt to make it more "secure" if it is easily possible. The result of random_devices ()-operator is an unsigned int. That might be just 16 bit worth of "entropy" depending on the implementation. I'm not an expert. But that feels like it might make it easier to "guess" the state of the rng. What about the attached change that - if possible - adds at least 32bit worth of "entropy" to the initialization vector (which isn't excessive imho)? I don't know if we should try to add a bit more. (file #49539) _______________________________________________________ Additional Item Attachment: File name: bug58800_random_device_v3.patch Size:2 KB <https://file.savannah.gnu.org/file/bug58800_random_device_v3.patch?file_id=49539> _______________________________________________________ Reply to this item at: <https://savannah.gnu.org/bugs/?58800> _______________________________________________ Message sent via Savannah https://savannah.gnu.org/
[Prev in Thread] | Current Thread | [Next in Thread] |