Improve string randomness

Current implementation of function fill_rand_string() uses randombytes() to get random bytes and then gets modulus of 26. However, since the number of variations is 256, which is not exact division of 26, this causes the last four characters 'w', 'x', 'y', and 'z' appearing with less frequency than other characters. By testing, the entropy 4.699504 and arithmetic mean 109.3771 slightly deviates from the theoretical values log2(26)=4.700440 and 109.5, respectively. Regarding the samples and function to calculate the arithmetic mean, 150,000 samples were generated via the command "ih RAND" and these samples are used as argument to the "ent" command to calculate entropy and arithmetic mean. Here we expand buffer to 64-bit unsigned integer before getting random bytes. Calculating modulus on 64-bit unsigned integer gives more random result. After implementation, the entropy 4.700423 and arithmetic mean 109.5105 are improved to be closer to theoretical values.
sysprog21 · Mar 20, 2024 · d48c56d · d48c56d
1 parent 6c80a7d
commit d48c56d
Showing 1 changed file with 4 additions and 2 deletions.
diff --git a/qtest.c b/qtest.c
@@ -172,9 +172,11 @@ static void fill_rand_string(char *buf, size_t buf_size)
     while (len < MIN_RANDSTR_LEN)
         len = rand() % buf_size;
 
-    randombytes((uint8_t *) buf, len);
+    uint64_t randstr_buf_64[MAX_RANDSTR_LEN] = {0};
+    randombytes((uint8_t *) randstr_buf_64, len * sizeof(uint64_t));
     for (size_t n = 0; n < len; n++)
-        buf[n] = charset[buf[n] % (sizeof(charset) - 1)];
+        buf[n] = charset[randstr_buf_64[n] % (sizeof(charset) - 1)];
+
     buf[len] = '\0';
 }