[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #7801 [Tor]: Our one use of tor_weak_random() is subtly wrong

To: undisclosed-recipients:;
Subject: Re: [tor-bugs] #7801 [Tor]: Our one use of tor_weak_random() is subtly wrong
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Thu, 27 Dec 2012 09:23:36 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Thu, 27 Dec 2012 04:23:45 -0500
In-reply-to: <045.075cfe3949f4d4a49602f2ae6f97264e@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <045.075cfe3949f4d4a49602f2ae6f97264e@xxxxxxxxxxxxxx>
Reply-to: tor-assistants@xxxxxxxxxxxxxx
Sender: tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx

#7801: Our one use of tor_weak_random() is subtly wrong
-----------------------+----------------------------------------------------
 Reporter:  nickm      |          Owner:                    
     Type:  defect     |         Status:  new               
 Priority:  minor      |      Milestone:  Tor: 0.2.4.x-final
Component:  Tor        |        Version:                    
 Keywords:  tor-relay  |         Parent:                    
   Points:             |   Actualpoints:                    
-----------------------+----------------------------------------------------

Comment(by cypherpunks):

 Replying to [ticket:7801 nickm]:
 > But that's subtly wrong. Many popular libcs' versions of random() use a
 linear congruential generator with a modulus that's a power of two, for
 which the low-order bits tend to have a much shorter period than the high-
 order bits.

 It's actually total wrong, and not because random() implementations.

 {{{
     int num_streams = 0;
     for (conn = first_conn; conn; conn = conn->next_stream) {
       num_streams++;
       if ((tor_weak_random() % num_streams)==0)
         chosen_stream = conn;
 }}}
 Every first checking of condition happens with num_streams = 1;
 Any (random) number % 1 == 0
 As result chosen_stream = first_conn. always.

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/7801#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

References:
- [tor-bugs] #7801 [Tor]: Our one use of tor_weak_random() is subtly wrong
  - From: Tor Bug Tracker & Wiki

Prev by Author: Re: [tor-bugs] #7291 [Tor]: Investigate making MaxOnionsPending time-based
Next by Author: Re: [tor-bugs] #7799 [Tor]: Tor seems to build+timeout circuits for hours when offline/idle
Previous by thread: [tor-bugs] #7801 [Tor]: Our one use of tor_weak_random() is subtly wrong
Next by thread: Re: [tor-bugs] #7801 [Tor]: Our one use of tor_weak_random() is subtly wrong
Index(es):
- Author
- Thread