On Sun, May 15, 2022 at 08:57:09AM -0300, Crystal Kolipe wrote:
> On Sun, May 15, 2022 at 11:44:29AM +0200, Otto Moerbeek wrote:
> > On Sun, May 15, 2022 at 04:27:30AM -0500, Luke Small wrote:
> > > How did someone prove the current implementation was cryptographically
> > > sound? Did they run massive simulations which ran the gamut of the
> > > uint32_t range which demanded tight tolerances over varying length runs?
> > >
> > > How was rc4 cipher proven bad for pseudorandom numbers? I'd be willing
> > > to bet it wasn't from a mathematical proof; it was from bad data.
> >
> > You miss the point completely. The point is: how do you derive a
> > uniformly distributed random function for a smaller range, given a
> > uniformly distributed random function over the range [0-2^32-1].
> >
> > The current implementation does exactly that and has all the
> > information in the comments to verify the uniformity claim. You only
> > need to use basic mathematical properties of modulo arithmetic to
> > do the verification.
>
> You do all realise that uniform distribution alone does not make a
> good random number generator, don't you?
>
> For example:
>
> 1, 2, 3, 4, 5, 1, 2, 3, 4, 5, 1, 2, 3, 4, 5, 1, 2, 3, 4, 5...
>
> That's uniformly distributed, and also useless as a random number
> stream.
>
> Furthermore, _cryptographically secure_ random number generation is
> not the same as _mathematically good_ random number generation.
>
> There are plenty of random number generation formulas which are
> considered good and useful from a mathematical basis, but which are
> useless for cryptography.
>
> So random, (pun intended), hacks at the arc4random code are not
> likely to 'improve' it from the general standpoint, (although if you
> have a specific need for a specific private application, that's
> different). I think Stuart has already more or less made that point.
>
I think I can say we know here uniformity is only *one* of the desirable
properties of a secure random generator. But I don't think anybody else
except Luke was talking about "improving".

The sole purpose of arc4random_uniform() is to give a good implementation
of a random number function in a specific range using arc4random() as the
source. This is needed because the naive implementation
arc4random() % upper_bound is not uniform.

	-Otto
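The modulo bias Otto refers to, and the rejection step arc4random_uniform() uses to remove it, as an added example that is not code from the thread or from OpenBSD's libc: mod_preimages() counts how many 32-bit inputs land on each residue under a plain modulo, and uniform_from_source() applies the 2^32 mod upper_bound rejection threshold to a pluggable source. The function names and the scripted source are constructed for illustration; a real caller would pass arc4random().

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
/* Inputs that plain (x % ub) sends to residue i: residues below 2^32 mod ub
 * get one pre-image more than the rest, and that surplus is the modulo bias. */
static uint64_t mod_preimages(uint32_t ub, uint32_t i)
{
    uint64_t range = (uint64_t)1 << 32;
    return range / ub + (i < range % ub ? 1 : 0);
}

/* Smallest accepted source value, 2^32 mod ub, which in 32-bit arithmetic
 * is (2^32 - ub) % ub, i.e. (0u - ub) % ub. */
static uint32_t reject_threshold(uint32_t ub)
{
    return (0u - ub) % ub;
}

/* Redraw until the value is at or above the threshold, then reduce: the
 * accepted range has size ub * floor(2^32 / ub), so each residue gets exactly
 * floor(2^32 / ub) pre-images. Returns 0 for ub < 2 (only one answer). */
static uint32_t uniform_from_source(uint32_t (*src)(void), uint32_t ub)
{
    uint32_t min, r;
    if (ub < 2)
        return 0;
    min = reject_threshold(ub);
    do {
        r = src();
    } while (r < min);
    return r % ub;
}

/* Constructed, non-random stream to exercise the rejection path; a real
 * caller would pass arc4random(). Value 0 is rejected for ub == 3, 7 is not. */
static uint32_t scripted_seq[] = { 0, 7 };
static size_t scripted_pos, scripted_draws;
static uint32_t scripted_source(void)
{
    scripted_draws++;
    return scripted_seq[scripted_pos++ % 2];
}

int main(void)
{
    printf("x %% 3 == 0: %llu inputs, == 1: %llu inputs\n",
           (unsigned long long)mod_preimages(3, 0), (unsigned long long)mod_preimages(3, 1));
    printf("sample in [0,3): %u\n", uniform_from_source(scripted_source, 3));
    return 0;
}
```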