[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-commits] [snowflake/master] Use crypto/rand, not math/rand, to generate session IDs.

commit faeb8da8c910a1a29fe47264396bee7c18ad4bfc
Author: David Fifield <david@xxxxxxxxxxxxxxx>
Date:   Thu Jun 29 16:00:29 2017 -0700

    Use crypto/rand, not math/rand, to generate session IDs.
    
    math/rand always uses a deterministic seed. The sequence of session IDs
    was therefore always the same:
    	Uv38ByGCZU8WP18PmmIdcg
    	lWbHTRDYaB0NhtHpHgAWeQ
    	...
    
    Multiple copies of this program would have had session ID collisions. I
    don't know what the consequences of that would be.
---
 proxy-go/snowflake.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/proxy-go/snowflake.go b/proxy-go/snowflake.go
index 079dcdc..27c4ab9 100644
--- a/proxy-go/snowflake.go
+++ b/proxy-go/snowflake.go
@@ -8,7 +8,7 @@ import (
 	"io"
 	"io/ioutil"
 	"log"
-	"math/rand"
+	"crypto/rand"
 	"net"
 	"net/http"
 	"net/url"



_______________________________________________
tor-commits mailing list
tor-commits@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits