[PATCH] stdlib: Remove possible bias in arc4random_uniform

Adhemerval Zanella Netto adhemerval.zanella@linaro.org
Tue Aug 2 12:34:07 GMT 2022



On 02/08/22 09:25, Adhemerval Zanella wrote:
> It turned out that the shift optimization to reuse the discarded bits
> might introduce bias [1].  This patch removes it and just issues another
> round if the condition cannot be satisfied.
> 
> Checked on x86_64-linux-gnu.
> 
> [1] https://crypto.stackexchange.com/questions/101325/uniform-rejection-sampling-by-shifting-or-rotating-bits-from-csprng-output-safe

I understood the question on crypto.stackexchange wrongly; the issue there is
reusing the already discarded bits after the test, which is not the case in the glibc
implementation.
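As an added illustration, not glibc's code and not part of this thread: the rejection-sampling structure that arc4random_uniform uses (OpenBSD-style threshold, fresh draw on rejection), shrunk to an assumed 8-bit generator word so every possible output can be enumerated and the output frequencies compared against plain modulo reduction.

```c
#include <stdint.h>
#include <stdbool.h>

/* Added example, not glibc or OpenBSD code.  The word width is an
   assumption chosen so the whole output space can be enumerated. */
#define WORD_BITS 8
#define WORD_RANGE (1u << WORD_BITS)

/* Smallest raw value accepted: raw values in [0, min) are the leftover
   block of size WORD_RANGE % upper_bound that would skew raw % upper_bound
   towards the low outputs.  Requires 0 < upper_bound <= WORD_RANGE. */
uint32_t uniform_min(uint32_t upper_bound)
{
    return (WORD_RANGE - upper_bound) % upper_bound;
}

/* Returns true and sets *out if raw is accepted; false means a fresh
   random word must be drawn (the "issue another round" path). */
bool uniform_accept(uint32_t raw, uint32_t upper_bound, uint32_t *out)
{
    if (raw < uniform_min(upper_bound))
        return false;
    *out = raw % upper_bound;
    return true;
}

/* Tally outputs over every possible raw word and return the gap between
   the most and least frequent output.  0 means each output in
   [0, upper_bound) is reached by the same number of raw words, i.e. no
   bias given a uniform generator; reject=false is naive modulo. */
uint32_t tally_bias(uint32_t upper_bound, bool reject)
{
    uint32_t counts[WORD_RANGE] = {0};
    for (uint32_t raw = 0; raw < WORD_RANGE; raw++) {
        uint32_t out;
        if (reject) {
            if (!uniform_accept(raw, upper_bound, &out))
                continue;           /* discard whole word, draw again */
        } else {
            out = raw % upper_bound;
        }
        counts[out]++;
    }
    uint32_t lo = counts[0], hi = counts[0];
    for (uint32_t i = 1; i < upper_bound; i++) {
        if (counts[i] < lo) lo = counts[i];
        if (counts[i] > hi) hi = counts[i];
    }
    return hi - lo;
}
```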

