Seeding in mini-gmp

Torbjörn Granlund tg at
Thu Nov 24 16:06:58 UTC 2016

Some comments re the pushed mini-gmp seeding improvements.

Should seeds really be limited to an unsigned long and at the same time
to 4 bytes?  Both limits seem unnecessary.

It just takes some weeks of our testing before seeds will start
repeating with such small seeds.

I haven't looked deeper into the code, but if there is a seed function
which accepts an mpz_t, then please consider using it instead.  And then
follow GMP's example and read 6 bytes of random data from /dev/urandom.

  +    /* Unsigned long may be only 32 bits, and then a plain microsecond
  +       count would wrap around in only 71 minutes. So instead, xor
  +       microseconds with the most significant second bits, which are
  +       the least "random". */
  +    return tv.tv_sec ^ (tv.tv_usec << 12);
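Review bot: the shift `tv.tv_usec << 12` is evaluated in the type of `tv_usec` (`suseconds_t`, a signed type that is 32 bits wide wherever `long` is), and 999999 << 12 is roughly 4.1e9, beyond the 32-bit signed maximum, so on such platforms the expression is signed overflow, not the benign wrap-around the comment reasons about; cast before shifting, e.g. `return tv.tv_sec ^ ((unsigned long) tv.tv_usec << 12);`, and since the function's result is an `unsigned long`, also state in the comment that the value is intended to be taken modulo 2^32 so the truncation is explicit rather than platform-dependent.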

You probably need a cast there, else you'll typically end up with 32-bit
arithmetic there.  (Or even better, use mpz_t here too.)

If you stick to 32-bit seeds, please make sure all arms of the code
explicitly truncate seeds to 32 bits.  That will be less confusing when
sometimes in the future trying to repro a problem (else we could have a
problem triggered by a larger seed which would sometimes be truncated,
sometimes not truncated in the repro situation).

Please encrypt, key id 0xC8601622
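As an added example (not mini-gmp's code and not the poster's), the two seed derivations the mail argues for: the timeval mix with the requested cast and an explicit 32-bit truncation, and a 48-bit seed assembled from 6 bytes meant to come from /dev/urandom. The function names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <sys/time.h>

/* Hypothetical helpers (example code, not mini-gmp's). */

/* 32-bit seed from a timeval, with the cast the mail asks for: widen to
   uint64_t before shifting so the shift is never done in 32-bit signed
   arithmetic (999999 << 12 does not fit a 32-bit long), then truncate
   explicitly so every code path agrees on what "the seed" is. */
static uint32_t seed32_from_timeval(int64_t sec, long usec)
{
    uint64_t mixed = (uint64_t) sec ^ ((uint64_t) usec << 12);
    return (uint32_t) (mixed & 0xffffffffu);
}

/* 48-bit seed from 6 bytes of entropy (big-endian), the width the mail
   points to; the bytes are meant to come from /dev/urandom. */
static uint64_t seed48_from_bytes(const unsigned char b[6])
{
    uint64_t s = 0;
    for (int i = 0; i < 6; i++)
        s = (s << 8) | b[i];
    return s;
}

int main(void)
{
    struct timeval tv;
    unsigned char buf[6];
    FILE *f;

    gettimeofday(&tv, NULL);
    printf("time-based 32-bit seed: 0x%08lx\n",
           (unsigned long) seed32_from_timeval((int64_t) tv.tv_sec,
                                               (long) tv.tv_usec));

    /* Six bytes from the kernel RNG, as the mail suggests GMP does. */
    f = fopen("/dev/urandom", "rb");
    if (f != NULL && fread(buf, 1, sizeof buf, f) == sizeof buf)
        printf("urandom 48-bit seed: 0x%012llx\n",
               (unsigned long long) seed48_from_bytes(buf));
    if (f != NULL)
        fclose(f);
    return 0;
}
```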
