[tor-bugs] #23061 [Core Tor/Tor]: crypto_rand_double() should produce all possible outputs on 32-bit platforms
Tor Bug Tracker & Wiki
blackhole at torproject.org
Mon Jul 31 10:01:32 UTC 2017
#23061: crypto_rand_double() should produce all possible outputs on 32-bit
platforms
-------------------------------------------------+-------------------------
Reporter: teor | Owner:
Type: defect | Status:
| needs_review
Priority: Medium | Milestone: Tor:
| 0.3.2.x-final
Component: Core Tor/Tor | Version: Tor:
| 0.2.2.14-alpha
Severity: Normal | Resolution:
Keywords: tor-relay, security-low, privcount, | Actual Points: 0.5
031-backport, 030-backport, 029-backport, 028 |
-backport-maybe, 027-backport-maybe, 026 |
-backport-maybe |
Parent ID: | Points: 0.1
Reviewer: | Sponsor:
| SponsorQ
-------------------------------------------------+-------------------------
Changes (by teor):
* status: new => needs_review
* keywords: tor-relay, security-low, privcount =>
tor-relay, security-low, privcount, 031-backport, 030-backport,
029-backport, 028-backport-maybe, 027-backport-maybe, 026-backport-
maybe
* actualpoints: => 0.5
Comment:
See my branch rand-double-029, which is based on maint-0.2.9. It comes
with unit tests and a rewritten crypto_rand_double() that uses rejection
sampling. The new unit tests pass for me on macOS 10.12 x86_64 and i386.
We might want to backport this to 0.2.6, where we added laplace noise
using this function. But when I tried to cherry-pick the commits, it was
non-trivial. (Someone else is welcome to do this!)
The only users of crypto_rand_double() before 0.2.6 are tests, so we don't
need to backport it any further.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/23061#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list