Displaying 13 results from an estimated 13 matches for "arc4random_uniform".
2023 Oct 19
12
[Bug 3629] New: Building with Clang-17 fails due to -fzero-call-used-regs
https://bugzilla.mindrot.org/show_bug.cgi?id=3629
Bug ID: 3629
Summary: Building with Clang-17 fails due to -fzero-call-used-regs
Product: Portable OpenSSH
Version: 9.5p1
Hardware: amd64
OS: Mac OS X
Status: NEW
Severity: critical
Priority: P5
Component: Build system
2014 Jul 12
1
openssh portable and libressl portable cause recursion between arc4random and RAND_bytes
Hi,
Yesterday I tried to replace the system openssl in a gentoo system with
libressl.
With openssh an interesting issue popped up:
* RAND_bytes in libressl calls arc4random
* arc4random is a compat function both in openssh and libressl
* arc4random from openssh uses RAND_bytes
So what's happening is a recursion. arc4random wants to use RAND_bytes
and RAND_bytes wants to use arc4random. The
2013 Nov 14
1
Re: make_random_password(): avoid modulo bias, and do not deplete system entropy (#9)
...doesn't matter, but you never know when someone copy+pastes your code into their project thinking this is a proper way to generate random passwords, so IMHO it's best to avoid the modulo bias.
> See here for more details: http://eternallyconfuzzled.com/arts/jsw_art_rand.aspx
> And see arc4random_uniform's implementation: http://www.openbsd.org/cgi-bin/cvsweb/src/lib/libc/crypt/arc4random.c?rev=1.26;content-type=text%2Fplain
>
> 3. The generated password needs ~2^107 brute-force attempts (16 * log2(60) + log2(default_rounds=5000)), which is more than enough of course, but usually 128...
2018 Sep 20
5
Bias in R's random integers?
On 9/20/18 1:43 AM, Carl Boettiger wrote:
> For a well-tested C algorithm, based on my reading of Lemire, the unbiased
> "algorithm 3" in https://arxiv.org/abs/1805.10941 is part already of the C
> standard library in OpenBSD and macOS (as arc4random_uniform), and in the
> GNU standard library. Lemire also provides C++ code in the appendix of his
> piece for both this and the faster "nearly divisionless" algorithm.
>
> It would be excellent if any R core members were interested in considering
> bindings to these algorithms as...
2018 Sep 20
4
Bias in R's random integers?
...On 9/20/18 1:43 AM, Carl Boettiger wrote:
> >> For a well-tested C algorithm, based on my reading of Lemire, the
> >> unbiased "algorithm 3" in https://arxiv.org/abs/1805.10941 is part
> >> already of the C standard library in OpenBSD and macOS (as
> >> arc4random_uniform), and in the GNU standard library. Lemire also
> >> provides C++ code in the appendix of his piece for both this and the
> >> faster "nearly divisionless" algorithm.
> >>
> >> It would be excellent if any R core members were interested in
> >>...
2018 Sep 20
0
Bias in R's random integers?
...AM, Ralf Stubner wrote:
> On 9/20/18 1:43 AM, Carl Boettiger wrote:
>> For a well-tested C algorithm, based on my reading of Lemire, the unbiased
>> "algorithm 3" in https://arxiv.org/abs/1805.10941 is part already of the C
>> standard library in OpenBSD and macOS (as arc4random_uniform), and in the
>> GNU standard library. Lemire also provides C++ code in the appendix of his
>> piece for both this and the faster "nearly divisionless" algorithm.
>>
>> It would be excellent if any R core members were interested in considering
>> bindings to...
2023 Sep 07
1
Privacy improving suggestions for ObscureKeystrokeTiming
...rval */
+ if (fuzz_ns > INT_MAX)
+ fuzz_ns = INT_MAX;
+ if (fuzz_ns > interval_ns) {
+ /* Shouldn't happen */
+ fatal_f("internal error: fuzz %u%% %lldns > interval %lldns",
+ interval_fuzz_pct, fuzz_ns, interval_ns);
+ }
+ interval_ns -= fuzz_ns / 2;
+ interval_ns += arc4random_uniform(fuzz_ns);
+
+ tmp.tv_sec = interval_ns / (1000 * 1000 * 1000);
+ tmp.tv_nsec = interval_ns % (1000 * 1000 * 1000);
+
+ timespecadd(now, &tmp, next_interval);
+}
+
/*
* Performs keystroke timing obfuscation. Returns non-zero if the
* output fd should be polled.
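Review bot: fuzz_ns is only bounded from above before the `arc4random_uniform(fuzz_ns)` call. It is printed with %lld, so it is a signed value, and nothing in the visible lines rules out a negative fuzz_ns; such a value would pass the INT_MAX clamp and then be converted to a large unsigned upper bound. Consider rejecting `fuzz_ns < 0` next to the existing checks, or computing the fuzz in an unsigned type. The repeated `1000 * 1000 * 1000` would also read better as a named nanoseconds-per-second constant.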
@@ -586,8 +616,9 @@ obfuscate...
2018 Sep 21
0
Bias in R's random integers?
...Carl Boettiger wrote:
> > >> For a well-tested C algorithm, based on my reading of Lemire, the
> > >> unbiased "algorithm 3" in https://arxiv.org/abs/1805.10941 is part
> > >> already of the C standard library in OpenBSD and macOS (as
> > >> arc4random_uniform), and in the GNU standard library. Lemire also
> > >> provides C++ code in the appendix of his piece for both this and the
> > >> faster "nearly divisionless" algorithm.
> > >>
> > >> It would be excellent if any R core members were intere...
2023 Oct 31
1
9.3p1 Daemon Rejects Client Connections on armv7l-dey-linux-gnueabihf w/ GCC 10/11/12
...if ${CC} supports compile flag -fzero-call-used-regs=all
if ${CC} supports compile flag -ftrivial-auto-var-init=zero
for sys/sysctl.h
for library containing login
for closefrom
for close_range
for library containing dlopen
for arc4random
for arc4random_buf
for arc4random_uniform
if libc defines sys_errlist
if libc defines sys_nerr
for library containing res_query
for library containing dn_expand
if res_query will link
for _getshort
for _getlong
While most of these configuration differences seem trivial and innocuous,
the -fzero-call-used-regs=al...
2018 Sep 19
2
Bias in R's random integers?
A quick point of order here: arguing with Duncan in this forum is
helpful to expose ideas, but probably neither side will convince the
other; eventually, if you want this adopted in core R, you'll need to
convince an R-core member to pursue this fix.
In the meantime, a good, well-tested implementation in a
user-contributed package (presumably written in C for speed) would be
enormously
2018 Sep 19
0
Bias in R's random integers?
For a well-tested C algorithm, based on my reading of Lemire, the unbiased
"algorithm 3" in https://arxiv.org/abs/1805.10941 is part already of the C
standard library in OpenBSD and macOS (as arc4random_uniform), and in the
GNU standard library. Lemire also provides C++ code in the appendix of his
piece for both this and the faster "nearly divisionless" algorithm.
It would be excellent if any R core members were interested in considering
bindings to these algorithms as a patch, or might expres...
2018 Sep 21
3
Bias in R's random integers?
...ttiger wrote:
>>>>> For a well-tested C algorithm, based on my reading of Lemire, the
>>>>> unbiased "algorithm 3" in https://arxiv.org/abs/1805.10941 is part
>>>>> already of the C standard library in OpenBSD and macOS (as
>>>>> arc4random_uniform), and in the GNU standard library. Lemire also
>>>>> provides C++ code in the appendix of his piece for both this and the
>>>>> faster "nearly divisionless" algorithm.
>>>>>
>>>>> It would be excellent if any R core members were...
2011 Sep 02
1
problems building openssh-5.8p1 on qnx
...ng whether GLOB_NOMATCH is declared... yes
checking whether struct dirent allocates space for d_name... configure: WARNING: cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME
checking for /proc/pid/fd directory... yes
checking for arc4random... no
checking for arc4random_buf... no
checking for arc4random_uniform... no
checking for asprintf... no
checking for b64_ntop... no
checking for __b64_ntop... yes
checking for b64_pton... no
checking for __b64_pton... yes
checking for bcopy... yes
checking for bindresvport_sa... yes
checking for clock... yes
checking for closefrom... no
checking for dirfd... yes
chec...