bug-bash
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: $RANDOM not Cryptographically secure pseudorandom number generator


From: Ole Tange
Subject: Re: $RANDOM not Cryptographically secure pseudorandom number generator
Date: Mon, 7 Jan 2019 08:15:12 +0100

On Mon, Jan 7, 2019 at 12:08 AM Chet Ramey <address@hidden> wrote:
>
> On 1/5/19 3:12 PM, Eduardo A. Bustamante López wrote:
> > On Fri, Dec 28, 2018 at 10:24:50AM +0100, Ole Tange wrote:
> > (...)
> >> Patch attached.
:
> > - Does the new RNG generate uniformly distributed numbers? (Yes)
> > - What is the performance impact (roughly 2X slower)

The impact is not from Salsa20/ChaCha20, though, if you compare
patched vs. unpatched code.

On my system BASH_RANDOM_16 is a tiny bit faster than the original,
while BASH_RANDOM_32 is a tiny bit slower.

> > - Does it break any existing tests? (Yes, easy to fix)
>
> What's the period of the resulting RNG? That's the chief complaint with
> the existing implementation.

My implementation made that hard to determine.

I have updated the patch: It now supports BASH_RANDOM_16 as well as 32.

I have changed the algorithm to ChaCha20, as it seems that is the
variant that Google, FreeBSD, OpenBSD, and NetBSD have chosen, and it
seems it is a little harder to attack.

The period in this patch is 2^128 blocks after which it wraps. Each
block results in 32 values (BASH_RANDOM_16) or 16 values
(BASH_RANDOM_32). So the period for the values is 2^133 and 2^132,
respectively.

(And please feel free to clean up my code: C is a language I code once
every 5 years or so).

/OIe

Attachment: chacha20.patch
Description: Text Data


reply via email to

[Prev in Thread] Current Thread [Next in Thread]