commit faeb8da8c910a1a29fe47264396bee7c18ad4bfc
Author: David Fifield david@bamsoftware.com
Date: Thu Jun 29 16:00:29 2017 -0700
Use crypto/rand, not math/rand, to generate session IDs.
math/rand always uses a deterministic seed. The sequence of session IDs was therefore always the same: Uv38ByGCZU8WP18PmmIdcg lWbHTRDYaB0NhtHpHgAWeQ ...
Multiple copies of this program would have had session ID collisions. I don't know what the consequences of that would be. --- proxy-go/snowflake.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/proxy-go/snowflake.go b/proxy-go/snowflake.go index 079dcdc..27c4ab9 100644 --- a/proxy-go/snowflake.go +++ b/proxy-go/snowflake.go @@ -8,7 +8,7 @@ import ( "io" "io/ioutil" "log" - "math/rand" + "crypto/rand" "net" "net/http" "net/url"
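Review bot: At the import swap (`- "math/rand"` / `+ "crypto/rand"`), the code that fills the session ID is not part of the change (the diffstat shows one insertion and one deletion), so confirm that it checks the error returned by the `rand` call it makes. With math/rand a read into a byte slice always returns a nil error, while crypto/rand reads from the operating system and reports failure through its error return. If that error is ignored, a failed read leaves the buffer at its zero value and every session ID is identical again. Suggest aborting session setup when the read fails, and adding a short comment at the import saying why crypto/rand is required, so a later cleanup does not switch it back.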
tor-commits@lists.torproject.org
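
The determinism the commit message describes, as an added example (not code from snowflake.go): a math/rand generator with seed 1, which is how the unseeded global generator behaved in Go releases before 1.20, produces the first session ID quoted above on every run, while crypto/rand does not repeat. The 16-byte length, the unpadded base64 encoding and all function names are assumptions chosen to match the 22-character IDs shown.

```go
package main

import (
	crand "crypto/rand"
	"encoding/base64"
	"fmt"
	mrand "math/rand"
)

// idLen is an assumption: 16 bytes encode to the 22-character
// unpadded base64 strings shown in the commit message.
const idLen = 16

// predictableID mimics the pre-fix behaviour: the ID depends only on
// the generator state, which is fully determined by the seed.
func predictableID(r *mrand.Rand) string {
	buf := make([]byte, idLen)
	r.Read(buf) // math/rand's Read always returns a nil error
	return base64.RawStdEncoding.EncodeToString(buf)
}

// firstPredictableID returns the first ID a freshly started process
// would generate for the given seed.
func firstPredictableID(seed int64) string {
	return predictableID(mrand.New(mrand.NewSource(seed)))
}

// secureID draws from the operating system CSPRNG and propagates a
// read failure instead of returning an all-zero ID.
func secureID() (string, error) {
	buf := make([]byte, idLen)
	if _, err := crand.Read(buf); err != nil {
		return "", fmt.Errorf("generating session ID: %w", err)
	}
	return base64.RawStdEncoding.EncodeToString(buf), nil
}

func main() {
	// Two simulated process starts yield the same "random" ID.
	fmt.Println(firstPredictableID(1), firstPredictableID(1))
	a, errA := secureID()
	b, errB := secureID()
	if errA != nil || errB != nil {
		panic("system random source unavailable")
	}
	fmt.Println(a, b)
}
```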