[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: $RANDOM not Cryptographically secure pseudorandom number generator
|
From: |
Ole Tange |
|
Subject: |
Re: $RANDOM not Cryptographically secure pseudorandom number generator |
|
Date: |
Mon, 7 Jan 2019 08:15:12 +0100 |
On Mon, Jan 7, 2019 at 12:08 AM Chet Ramey <chet.ramey@case.edu> wrote:
>
> On 1/5/19 3:12 PM, Eduardo A. Bustamante López wrote:
> > On Fri, Dec 28, 2018 at 10:24:50AM +0100, Ole Tange wrote:
> > (...)
> >> Patch attached.
:
> > - Does the new RNG generate uniformly distributed numbers? (Yes)
> > - What is the performance impact (roughly 2X slower)
The impact is not from Salsa20/ChaCha20, though, if you compare
patched vs. unpatched code.
On my system BASH_RANDOM_16 is a tiny bit faster than the original,
while BASH_RANDOM_32 is a tiny bit slower.
> > - Does it break any existing tests? (Yes, easy to fix)
>
> What's the period of the resulting RNG? That's the chief complaint with
> the existing implementation.
My implementation made that hard to determine.
I have updated the patch: It now supports BASH_RANDOM_16 as well as 32.
I have changed the algorithm to ChaCha20, as it seems that is the
variant that Google, FreeBSD, OpenBSD, and NetBSD have chosen, and it
seems it is a little harder to attack.
The period in this patch is 2^128 blocks after which it wraps. Each
block results in 32 values (BASH_RANDOM_16) or 16 values
(BASH_RANDOM_32). So the period for the values is 2^133 and 2^132,
respectively.
(And please feel free to clean up my code: C is a language I code once
every 5 years or so).
/OIe
chacha20.patch
Description: Text Data