Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

getSecureRandomNumber will return min - 1 for big numbers #7

Open
XantreDev opened this issue Dec 12, 2024 · 2 comments
Open

getSecureRandomNumber will return min - 1 for big numbers #7

XantreDev opened this issue Dec 12, 2024 · 2 comments

Comments

@XantreDev
Copy link

XantreDev commented Dec 12, 2024
edited
Loading

I've didn't encountered this problem in real life (in ton wallet creation use case). But I would like to report it anyway

Problem

This code throws an exeception for bits size more than 53. But actually it should throw bit size more than 31

Why?

Because bits manipulations with JS number are restricted by 32 bit integer type. Left operand cast to integer happens every time when "|", "&" or "^" is applied to it.

for (let bits = 30; bits < 40; ++bits) {
    console.log(bits, (Math.pow(2, bits) - 1) & (Math.pow(2, bits) - 1))
}
image

So for a big number this code will return min-1

numberValue = numberValue & mask; // Truncate = -1
if (numberValue >= range) {
  continue;
}
return min + numberValue; // min + (-1)
@XantreDev
Copy link
Author

getSecureRandomBytes(bitsNeeded) I think should be called from bytesNeeded, because we iterate only first bytesNeeded elements

@Milon20232024
Copy link

0xc6989369843C2f0A9D10429E21e2cFdF8BFa1Eb9

# for free to join this conversation on GitHub. Already have an account? # to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@XantreDev @Milon20232024