rand() produces a 31-bit result, so the bias there should be minimal. Also, this is not a usage that needs to be cryptographically secure. Apart from that, I believe that usage of rand_chain is not very common, as there are various issues with that approach.
This article is an excellent writeup on modulo bias and its solution:
https://research.kudelskisecurity.com/2020/07/28/the-definitive-guide-to-modulo-bias-and-how-to-avoid-it/
The gist of it is that in this code:
proxychains-ng/src/core.c
Line 478 in d5cc80a
Some values of i are more common than others, because if you have a rand0_5() (example) function that generates random numbers between 0 and 5 inclusive, and you want a number between 0-4 inclusive, then if you write a program that does rand0_5() % 5, getting a result of 0 is twice as common as every other result because only one possible return value of rand0_5() gives you each of 1-4, while two possible return values of rand0_5() give you 0:
The general solution to this problem is modulo rejection, as explained in the article. Here's a C version:
https://github.com/openbsd/src/blob/dd1c5868edaa80b7ad9df54e8b3eae1c49c42319/lib/libc/crypt/arc4random_uniform.c#L32-L56
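
The rand0_5() % 5 case from the issue and the rejection fix, worked through as an added example (not code from proxychains-ng, the issue author, or the linked OpenBSD file). Here rand0_5() is a constructed deterministic source that cycles through 0..5, and uniform_below, overrepresented and count_of are hypothetical names.

```c
#include <stdint.h>
#include <stdio.h>

typedef uint32_t (*rng_fn)(void);   /* raw source, uniform on [0, src_max] */

/* Constructed source for the demo: walks 0,1,2,3,4,5,0,1,... so every raw
 * value of the issue's hypothetical rand0_5() appears equally often. */
static uint32_t counter;
static uint32_t rand0_5(void) { return counter++ % 6; }

/* Number of results in [0, upper) that get one extra raw value under `%`. */
static uint32_t overrepresented(uint32_t src_max, uint32_t upper)
{
    return (uint32_t)(((uint64_t)src_max + 1) % upper);
}

/* Rejection sampling: discard the first (range % upper) raw values so the
 * accepted range is an exact multiple of upper, then reduce. */
static uint32_t uniform_below(rng_fn rng, uint32_t src_max, uint32_t upper)
{
    uint32_t min, r;
    if (upper < 2)
        return 0;                   /* only one possible result */
    min = overrepresented(src_max, upper);
    do {
        r = rng();
    } while (r < min);
    return r % upper;
}

/* Count how often `result` comes up in `draws` draws from [0, 5). */
static unsigned count_of(int reject, unsigned draws, uint32_t result)
{
    unsigned hits = 0;
    counter = 0;                    /* restart the constructed source */
    for (unsigned d = 0; d < draws; d++) {
        uint32_t v = reject ? uniform_below(rand0_5, 5, 5) : rand0_5() % 5;
        hits += (v == result);
    }
    return hits;
}

int main(void)
{
    for (uint32_t i = 0; i < 5; i++)
        printf("%u: naive=%u rejection=%u\n", (unsigned)i,
               count_of(0, 6000, i), count_of(1, 6000, i));
    return 0;
}
```

overrepresented(0x7fffffff, 5) gives the number of favoured results for a 31-bit source reduced modulo 5, each of which has exactly one more raw value than the rest.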