From: "Theo de Raadt" <deraadt@openbsd.org>
To: Alejandro Colomar <alx.manpages@gmail.com>
Cc: otto@cvs.openbsd.org, djm@cvs.openbsd.org,
libc-alpha@sourceware.org, "Alejandro Colomar" <alx@kernel.org>,
"Theo de Raadt" <deraadt@theos.com>,
"Todd C . Miller" <Todd.Miller@sudo.ws>,
"Jason A. Donenfeld" <Jason@zx2c4.com>,
=?UTF-8?Q?Cristian_Rodr=c3=adguez?= <crrodriguez@opensuse.org>,
"Adhemerval Zanella" <adhemerval.zanella@linaro.org>,
"Yann Droneaud" <ydroneaud@opteya.com>,
"Joseph Myers" <joseph@codesourcery.com>,
"Serge Hallyn" <serge@hallyn.com>,
"Iker Pedrosa" <ipedrosa@redhat.com>
Subject: Re: [PATCH] Give a useful meaning to arc4random_uniform(0);
Date: Sun, 01 Jan 2023 01:41:45 -0700 [thread overview]
Message-ID: <2720.1672562505@cvs.openbsd.org> (raw)
In-Reply-To: <23022d82-6573-42bd-ea19-d050ebe08ff5@gmail.com>
Alejandro Colomar <alx.manpages@gmail.com> wrote:
> Hi Theo,
>
> On 12/31/22 16:13, Alejandro Colomar wrote:
> > Hi Theo,
> > On 12/31/22 15:56, Alejandro Colomar wrote:
> >>>
> >>> I do not like your proposal at all. A function like arc4random_range()
> >>> is even more likely to be used wrong by passing backwards points
> >>> and you seem to have a lot of hubris to add a range check to it.
> > I didn't understand the entire sentence, since I'm not a native
> > English speaker. Sorry for that. About adding a range check, I'm
> > not against it. But what to do in that case? abort()? I don't see
> > anything significantly better? In the Linux kernel, the used
> > something BUILD_BUG, but I don't know those macros very much.
> > I'm really open to discussion about what would the the best behavior
> > when max < min.
>
> Since there's no obvious thing to do when the bounds are reversed
> (some may want to abort(); others may prefer to set errno?; others may
> just want to ignore the possibility...
>
> I tried to understand what it does with the obvious implementation:
>
>
> > Alejandro Colomar <alx.manpages@gmail.com> wrote:
> >> uint32_t
> >> arc4random_range(uint32_t min, uint32_t max)
> >> {
> >> return arc4random_uniform(max - min + 1) + min;
> >> }
>
> Well, let's substitute with some actual values:
>
> arc4random_range(7, 4);
>
> This will result in:
>
> arc4random_uniform(4 - 7 + 1) + 7;
>
> which evaluates to:
>
> arc4random_uniform(-2) + 7;
>
> and is equivalent to:
>
> arc4random_uniform(UINT32_MAX - 1) + 7;
>
> Let's first ignore the +7. The arc4random_uniform(UINT32_MAX - 1)
> call can generate 2^32 - 2 random numbers. By offsetting to 7, the 2
> value that are excluded are 6 and 5.
>
> So it seems that a reversed call to arc4random_range(min, max) has an
> interesting property: it generates random numbers outside of the
> non-inclusive range (min, max), that is the compementary set of
> numbers that arc4random(max, min) would produce.
>
> If properly documented, it's not a bad behavior.
With that quality of reasoning, there are only two possible conclusions
about why this email thread is happening. I though these conclusions
were original, but others privately made these suggestions also:
1. you are trolling us
2. you are not sufficiently intelligent to be permitted near a C compiler.
I cannot think of a third option.
I am going to give you the benefit of the doubt and select option 1, and
trolls are deal with calling them trolls, and thennever replying again. Bye.
next prev parent reply other threads:[~2023-01-01 8:41 UTC|newest]
Thread overview: 22+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-12-31 2:36 Alejandro Colomar
2022-12-31 2:48 ` Alejandro Colomar
2022-12-31 2:57 ` Jason A. Donenfeld
2022-12-31 13:39 ` Alejandro Colomar
2022-12-31 8:50 ` Theo de Raadt
2022-12-31 8:51 ` Theo de Raadt
2022-12-31 14:56 ` Alejandro Colomar
2022-12-31 15:13 ` Alejandro Colomar
2022-12-31 15:17 ` Alejandro Colomar
2022-12-31 15:59 ` Alejandro Colomar
2022-12-31 16:03 ` Alejandro Colomar
2023-01-01 8:41 ` Theo de Raadt [this message]
2022-12-31 23:07 ` Damien Miller
2022-12-31 23:58 ` Alejandro Colomar
2023-01-01 7:48 ` Ariadne Conill
2023-01-01 9:21 ` Otto Moerbeek
2023-01-01 14:05 ` Alejandro Colomar
2023-01-01 8:34 ` Theo de Raadt
2023-01-01 21:37 ` Arsen Arsenović
2023-01-01 23:50 ` Alejandro Colomar
2023-01-02 0:02 ` Arsen Arsenović
2023-01-02 11:24 ` Alejandro Colomar
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=2720.1672562505@cvs.openbsd.org \
--to=deraadt@openbsd.org \
--cc=Jason@zx2c4.com \
--cc=Todd.Miller@sudo.ws \
--cc=adhemerval.zanella@linaro.org \
--cc=alx.manpages@gmail.com \
--cc=alx@kernel.org \
--cc=crrodriguez@opensuse.org \
--cc=deraadt@theos.com \
--cc=djm@cvs.openbsd.org \
--cc=ipedrosa@redhat.com \
--cc=joseph@codesourcery.com \
--cc=libc-alpha@sourceware.org \
--cc=otto@cvs.openbsd.org \
--cc=serge@hallyn.com \
--cc=ydroneaud@opteya.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).