I work in security and I’ve seen modulus (modulo) used in many encoding and crypto algorithms. However, today, a friend of mine mentioned that using modulo like this:
unsigned long int result = some_CSPRNG_output % 556600;
“Limits the security effectiveness of the CSPRNG.”
If you are not familiar with C, the pseudo-code there is essentially stating that the output of some cryptographically secure random number generator, such as /dev/urandom on a Linux system, squeezed into a positive integer, is assigned to the variable “result.”
The idea behind his argument is that modulus limits the number of possible outputs, therefore weakening the strength of the entropy. He stated, for example, that if we have a CSPRNG output and we compute it with modulo 2, there are fewer possibilities of outcome, thus the entropy is weaker.
Is this true? Please explain why or why not.
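
An added example, not part of the original post: for the modulus 556600 from the question, it counts how many uniform 32-bit inputs land on each residue and shows rejection sampling, which equalizes those counts. The 32-bit width, the /dev/urandom reader and every function name here are assumptions of this example.

```c
#include <stdint.h>
#include <stdio.h>
#define N 556600u /* modulus from the post */

/* How many uniform 32-bit values x satisfy x % n == r (requires r < n, n != 0). */
uint64_t preimages(uint32_t r, uint32_t n) {
    uint64_t space = (uint64_t)1 << 32;
    return space / n + (r < space % n ? 1 : 0);
}

/* 2^32 mod n, computed in 32 bits: inputs below this value are the surplus. */
uint32_t reject_threshold(uint32_t n) { return (uint32_t)(0u - n) % n; }

/* Rejection sampling: drop the surplus inputs so every residue keeps the
 * same number of preimages. src returns 0 on success. */
int uniform_below(uint32_t n, int (*src)(uint32_t *), uint32_t *out) {
    uint32_t x, t = reject_threshold(n);
    do {
        if (src(&x) != 0) return -1;
    } while (x < t);
    *out = x % n;
    return 0;
}

/* Assumed CSPRNG source: 32 bits read from /dev/urandom. */
int urandom_u32(uint32_t *out) {
    FILE *f = fopen("/dev/urandom", "rb");
    if (!f) return -1;
    size_t got = fread(out, sizeof *out, 1, f);
    fclose(f);
    return got == 1 ? 0 : -1;
}

/* Constructed source for checking: one surplus value, then an accepted one. */
int fixed_source(uint32_t *out) {
    static const uint32_t vals[] = {5u, 241696u + 123u};
    static unsigned i = 0;
    *out = vals[i++ % 2];
    return 0;
}

int main(void) {
    uint32_t v;
    printf("residue 0: %llu preimages, residue %u: %llu preimages\n",
           (unsigned long long)preimages(0, N), N - 1,
           (unsigned long long)preimages(N - 1, N));
    if (uniform_below(N, urandom_u32, &v) == 0) printf("unbiased draw: %u\n", v);
    return 0;
}
```

With a modulus of 2 the counts come out equal, because 2 divides 2^32 exactly: the reduced value carries one bit, and that bit is uniform.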