[tor-bugs] #17799 [Core Tor/Tor]: Hash All PRNG output before use

Tor Bug Tracker & Wiki blackhole at torproject.org
Mon Apr 18 14:04:33 UTC 2016 

#17799: Hash All PRNG output before use
-------------------------------+----------------------------------------
 Reporter:  teor               |          Owner:  nickm
     Type:  defect             |         Status:  needs_revision
 Priority:  Medium             |      Milestone:  Tor: 0.2.9.x-final
Component:  Core Tor/Tor       |        Version:  Tor: unspecified
 Severity:  Normal             |     Resolution:
 Keywords:  TorCoreTeam201604  |  Actual Points:
Parent ID:                     |         Points:  small/medium-remaining
 Reviewer:  asn                |        Sponsor:
-------------------------------+----------------------------------------

Comment (by asn):

 Replying to [comment:21 yawning]:
 >  * We should run this through dieharder/testU01/the NIST suite or
 similar, just to say we did.  Most CSPRNGs (even broken/horribad ones)
 will pass both tests, but it's better than nothing.

 That seemed like a good idea, so I tried to do it.

 I moded my Tor so that it writes a file with about 1.9GB of random data
 (`/tmp/rng.bin`) on startup. You can find the patch in my branch
 `shake_prng_v3_diehard_gen` at my repo. I pushed it in case there is some
 bug in my method.

 Then I installed dieharder (there is package in debian) and ran that file
 through dieharder. Then I generated another random file, and run that
 through dieharder again. In this ticket I attach the two resulting
 reports.

 FWIW, I ran dieharder like this: `$ dieharder -a -g 201 -f tmp/rng.bin `

 WRT the results, the PRNG seems to be doing fine for most of the tests.
 Although for some reason there are a few WEAK and FAILED tests in both
 tries. Specifically from the first file, I got:
 {{{
          rgb_bitdist|  10|    100000|     100|0.00264377|   WEAK
       rgb_lagged_sum|  24|   1000000|     100|0.00011748|   WEAK
 }}}
 and from the second file I got:
 {{{
       rgb_lagged_sum|   9|   1000000|     100|0.00196700|   WEAK
       rgb_lagged_sum|  19|   1000000|     100|0.00355957|   WEAK
       ...
       rgb_lagged_sum|  24|   1000000|     100|0.00000000|  FAILED

 }}}

 The two tests that seem to fail are `rgb_bitdist` and especially
 `rgb_lagged_sum`.

 I will try to run the test again, and maybe verify my tor patch.

 Maybe someone else wants to reproduce as well.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/17799#comment:24>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list