[tor-bugs] #23061 [Core Tor/Tor]: crypto_rand_double() should produce all possible outputs on platforms with 32-bit int

Tor Bug Tracker & Wiki blackhole at torproject.org
Tue Aug 29 01:30:19 UTC 2017 

#23061: crypto_rand_double() should produce all possible outputs on platforms with
32-bit int
-------------------------------------------------+-------------------------
 Reporter:  teor                                 |          Owner:  nickm
     Type:  defect                               |         Status:
                                                 |  needs_review
 Priority:  Medium                               |      Milestone:  Tor:
                                                 |  0.3.2.x-final
Component:  Core Tor/Tor                         |        Version:  Tor:
                                                 |  0.2.2.14-alpha
 Severity:  Normal                               |     Resolution:
 Keywords:  tor-relay, security-low, privcount,  |  Actual Points:  0.5
  031-backport, 030-backport, 029-backport, 028  |
  -backport-maybe, 026-backport-maybe, review-   |
  group-22                                       |
Parent ID:                                       |         Points:  0.1
 Reviewer:                                       |        Sponsor:
                                                 |  SponsorQ
-------------------------------------------------+-------------------------

Comment (by teor):

 Replying to [comment:35 catalyst]:
 > Replying to [comment:34 teor]:
 > > There isn't any point trying to include values between 0 and 2^-53^ in
 the output of the function. Because both the Laplace and Gaussian
 functions do `1.0 - crypto_rand_double()`, which rounds values smaller
 than 2^-53^.
 > Is there also no point in trying to fill the holes of missing
 representable values that are between the steps of size 2^-53^? (losing
 one bit of precision with probability 0.5; two bits with probability 0.25;
 etc.) Also intermediate results with greater precision may occur (e.g., on
 x87 -- this is probably how you got greater than 53 bits of precision
 reported in your tests with the "naive" approach) and maybe we should
 allow those?  Or does calling into `tor_mathlog()` round it back down to
 double precision anyway?

 I don't believe there is any point in trying for anything more than
 N*2^-53^ (N integer) in a generic function. If we need more than that for
 a specific distribution, we should change the transform we use for the
 distribution, or feed it random bits directly.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/23061#comment:38>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list