On Sun, 15 May 2022, Luke Small wrote:

> Do I really have to use specific terminology to make a point?
>
> I'm not educated enough on chacha20 enough to know whether, like I
> pointed out, whether choosing 5 bits from the middle of (or even from
> the tail end of one and the beginning of another) 32 bit pseudorandom
> cipher is "correct."

You don't need to understand chacha20 to understand arc4random_uniform().
I certainly didn't when I wrote it.

The underlying CSPRNG is irrelevant to how arc4random_uniform() works.
It is treated as an oracle that provides 32 random bits upon request. You
could swap it out for 32 coin-tossing monkeys and the implementation
wouldn't need to change.

It requests another 32 bit random value for each attempt at satisfying
the bounds check because they need to be independent - reusing parts of
a previous attempt is highly likely to introduce biases.

It's almost certainly possible to make this function faster, but it's
also very easy to get it wrong (e.g. I made one stupid math error in its
early implementation, forever immortalised by CVS). The existing code
has the advantage of being very obvious in how it works and therefore
has a very low risk of being wrong.

If someone is proposing to move to something less obvious then it's
incumbent upon them to do the work to prove that their alternative is
just as correct.

> ...correct correct correct. Did I use that buzzword enough?

Highly experienced people are taking the time to give you detailed,
critical feedback. This can be hard to receive, but if you ever want to
improve then you should consider it and try to engage constructively.

-d
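The two technical points in the reply above (the CSPRNG is an interchangeable oracle of 32-bit words, and each bounds-check attempt must consume a fresh word rather than reuse bits) can be seen in a small, runnable model. The code below is an added example for this page, not code from the thread or from OpenBSD: the loop mirrors the rejection-sampling shape of arc4random_uniform() as I understand it, while the `rand32_fn` oracle interface, the xorshift32 stand-in (explicitly not a CSPRNG), the exhaustive 8-bit bias counters and the `demo_counts` scratch buffer are my own constructions for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Any source of 32-bit words will do: the sampler never looks inside it. */
typedef uint32_t (*rand32_fn)(void *ctx);

/* Rejection threshold: 2**32 % upper_bound, computed in 32-bit arithmetic
 * as (2**32 - upper_bound) % upper_bound. Draws below it are rejected. */
uint32_t rejection_threshold(uint32_t upper_bound)
{
    return -upper_bound % upper_bound;
}

/* Rejection loop in the shape of arc4random_uniform(), with the CSPRNG
 * replaced by a caller-supplied oracle. Every attempt consumes a fresh
 * 32-bit word; nothing from a rejected draw is reused. */
uint32_t uniform_from_oracle(uint32_t upper_bound, rand32_fn oracle, void *ctx)
{
    uint32_t r, min;

    if (upper_bound < 2)
        return 0;
    min = rejection_threshold(upper_bound);
    for (;;) {
        r = oracle(ctx);
        if (r >= min)
            break;
    }
    return r % upper_bound;
}

/* Stand-in oracle for the demo (constructed): xorshift32. NOT a CSPRNG; it is
 * here only to show the sampler is indifferent to where its words come from. */
uint32_t xorshift32(void *ctx)
{
    uint32_t *s = ctx, x = *s;

    x ^= x << 13;
    x ^= x >> 17;
    x ^= x << 5;
    return *s = x;
}

/* 1 if `trials` samples from the stand-in oracle all land in [0, upper_bound). */
int samples_in_range(uint32_t upper_bound, unsigned trials)
{
    uint32_t s = 2463534242u; /* constructed seed */
    unsigned i;

    for (i = 0; i < trials; i++)
        if (uniform_from_oracle(upper_bound, xorshift32, &s) >= upper_bound)
            return 0;
    return 1;
}

/* Scratch buffer for the bias model below (room for n <= 64 outputs). */
uint32_t demo_counts[64];

/* max(count) - min(count): 0 exactly when every output was hit equally often. */
static uint32_t spread(const uint32_t *counts, uint32_t n)
{
    uint32_t i, lo = counts[0], hi = counts[0];

    for (i = 1; i < n; i++) {
        if (counts[i] < lo) lo = counts[i];
        if (counts[i] > hi) hi = counts[i];
    }
    return hi - lo;
}

/* Small-scale model of the bias: enumerate every word a `bits`-bit oracle can
 * emit (2**bits of them, once each) and map it to [0, n) by plain modulo.
 * Returns the spread of the resulting counts (nonzero means biased). */
uint32_t bias_naive_modulo(unsigned bits, uint32_t n, uint32_t *counts)
{
    uint64_t space = (uint64_t)1 << bits, r;
    uint32_t i;

    for (i = 0; i < n; i++)
        counts[i] = 0;
    for (r = 0; r < space; r++)
        counts[r % n]++;
    return spread(counts, n);
}

/* Same enumeration, but words below 2**bits % n are rejected first, as the
 * rejection loop does. The surviving words are an exact multiple of n, so
 * every output is hit equally often and the spread is 0. */
uint32_t bias_rejection(unsigned bits, uint32_t n, uint32_t *counts)
{
    uint64_t space = (uint64_t)1 << bits, min = space % n, r;
    uint32_t i;

    for (i = 0; i < n; i++)
        counts[i] = 0;
    for (r = min; r < space; r++)
        counts[r % n]++;
    return spread(counts, n);
}

int main(void)
{
    printf("threshold for 1000: %u\n", rejection_threshold(1000));
    printf("8-bit oracle, n=10: naive spread %u, rejection spread %u\n",
           bias_naive_modulo(8, 10, demo_counts), bias_rejection(8, 10, demo_counts));
    printf("1000 samples in [0,100): %s\n", samples_in_range(100, 1000) ? "yes" : "no");
    return 0;
}
```

The 8-bit model is the 32-bit argument in miniature: with 256 words and 10 outputs, plain modulo gives outputs 0..5 one extra hit each, while discarding the 6 lowest words first leaves 250, exactly 25 per output. Because the cost of the check is one comparison against a threshold computed once, the only way to make the function cheaper is to consume fewer fresh words per attempt, which is precisely where reusing bits reintroduces a bias.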
