Seeding in mini-gmp
tg at gmplib.org
Thu Nov 24 16:06:58 UTC 2016
Some comments re the pushed mini-gmp seeding improvements.
Should seeds really be limited to an unsigned long and at the same time
to 4 bytes? Both limits seem unnecessary.
It just takes some weeks of our testing before seeds will start
repeating with such small seeds.
I haven't looked deeper into the code, but if there is a seed function
which accepts an mpz_t, then please consider using it instead. And then
follow GMP's example and read 6 bytes of random data from /dev/urandom.
+ /* Unsigned long may be only 32 bits, and then a plain microsecond
+ count would wrap around in only 71 minutes. So instead, xor
+ microseconds with the most significant second bits, which are
+ the least "random". */
+ return tv.tv_sec ^ (tv.tv_usec << 12);
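Review bot: the shift `tv.tv_usec << 12` is evaluated in the type of `tv_usec`, so where that is a 32-bit signed `long` the result exceeds 2^31 for any `tv_usec` of 524288 or more (signed overflow, undefined behaviour), and the xor is performed in 32 bits whatever the function's return type. Widen before shifting, e.g. `(unsigned long) tv.tv_usec << 12`, or build the seed in an mpz_t as suggested in the reply.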
You probably need a cast there, else you'll typically end up with 32-bit
arithmetic there. (Or even better, use mpz_t here too.)
If you stick to 32-bit seeds, please make sure all arms of the code
explicitly truncate seeds to 32 bits. That will be less confusing when
sometime in the future trying to repro a problem (else we could have a
problem triggered by a larger seed which would sometimes be truncated,
sometimes not truncated in the repro situation).
Please encrypt, key id 0xC8601622
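The two width problems raised above, as an added illustration that is not mini-gmp or GMP code: the quoted time-based formula evaluated with and without widening, and a single truncation point that every seed path goes through. Fixed-width types are used so the behaviour is the same on 32- and 64-bit platforms; the function names are this example's own.

```c
#include <stdint.h>
#include <stdio.h>
#include <sys/time.h>

#define SEED_MASK ((uint64_t)0xffffffffu)

/* 1 if "usec << 12" would overflow a signed 32-bit long: tv_usec goes up
   to 999999 (20 bits), shifted by 12 it needs 32 bits, one more than a
   signed 32-bit value has.  This is the cast problem noted in the reply. */
int usec_shift_overflows_long32(int32_t usec)
{
    return usec > (INT32_MAX >> 12);
}

/* Same formula as the quoted patch, but both operands are widened to 64
   bits first, so the shift cannot overflow and the xor keeps every bit. */
uint64_t time_seed_wide(uint64_t sec, uint64_t usec)
{
    return sec ^ (usec << 12);
}

/* Every arm that accepts a seed (time-based, /dev/urandom, command line,
   environment) funnels through this, so the value that gets logged and the
   value fed back in for a repro are identical. */
uint32_t canonical_seed(uint64_t raw)
{
    return (uint32_t)(raw & SEED_MASK);
}

int main(void)
{
    struct timeval tv;
    gettimeofday(&tv, NULL);
    uint64_t raw = time_seed_wide((uint64_t)tv.tv_sec, (uint64_t)tv.tv_usec);
    printf("usec=%ld would overflow a 32-bit long shift: %d\n",
           (long)tv.tv_usec, usec_shift_overflows_long32((int32_t)tv.tv_usec));
    printf("seed to use and log: 0x%08x (raw 0x%016llx)\n",
           canonical_seed(raw), (unsigned long long)raw);
    return 0;
}
```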