Skip to content

2.0.6

  • 2.0.6
  • fba3c49

  • Verified

    This commit was created on GitHub.com and signed with GitHub’s verified signature.
    GPG key ID: B5690EEEBB952194
    Verified
    Learn about vigilant mode

  • Choose a tag to compare

    View all tags
2.0.6: fix: correct rejection sampling threshold in uid generation (#40)
  • 2.0.6
  • fba3c49

  • Choose a tag to compare

    View all tags

  • Verified

    This commit was created on GitHub.com and signed with GitHub’s verified signature.
    GPG key ID: B5690EEEBB952194
    Verified
    Learn about vigilant mode
@absalonCRC absalonCRC tagged this 22 May 21:06 
Fix off-by-one error in rejection sampling: threshold was '> 248'
should be '> 247' (256 - 62 = 194, so reject values >= 248).
Values 0-247 (248 values) evenly divisible by 62 (4 mappings per char).
Value 248 maps to index 0 ('A'), giving 'A' a 25% frequency advantage.

Security: biased random output impacts cryptographic uniformity guarantees.

- Changes 'while (rand > 248)' to 'while (rand > 247)'
- Verified: 256 % 62 = 8, so threshold = 255 - 8 = 247
Assets 2
Loading