[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-bugs] #23061 [Core Tor/Tor]: crypto_rand_double() should produce all possible outputs on 32-bit platforms
#23061: crypto_rand_double() should produce all possible outputs on 32-bit
platforms
-------------------------------------------------+-------------------------
Reporter: teor | Owner:
Type: defect | Status:
| needs_review
Priority: Medium | Milestone: Tor:
| 0.3.2.x-final
Component: Core Tor/Tor | Version: Tor:
| 0.2.2.14-alpha
Severity: Normal | Resolution:
Keywords: tor-relay, security-low, privcount, | Actual Points: 0.5
031-backport, 030-backport, 029-backport, 028 |
-backport-maybe, 027-backport-maybe, 026 |
-backport-maybe |
Parent ID: | Points: 0.1
Reviewer: | Sponsor:
| SponsorQ
-------------------------------------------------+-------------------------
Changes (by teor):
* status: new => needs_review
* keywords: tor-relay, security-low, privcount =>
tor-relay, security-low, privcount, 031-backport, 030-backport,
029-backport, 028-backport-maybe, 027-backport-maybe, 026-backport-
maybe
* actualpoints: => 0.5
Comment:
See my branch rand-double-029, which is based on maint-0.2.9. It comes
with unit tests and a rewritten crypto_rand_double() that uses rejection
sampling. The new unit tests pass for me on macOS 10.12 x86_64 and i386.
We might want to backport this to 0.2.6, where we added laplace noise
using this function. But when I tried to cherry-pick the commits, it was
non-trivial. (Someone else is welcome to do this!)
The only users of crypto_rand_double() before 0.2.6 are tests, so we don't
need to backport it any further.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/23061#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs