[tor-bugs] #7801 [Tor]: Our one use of tor_weak_random() is subtly wrong

Tor Bug Tracker & Wiki blackhole at torproject.org
Wed Dec 26 23:33:27 UTC 2012


#7801: Our one use of tor_weak_random() is subtly wrong
-----------------------+----------------------------------------------------
 Reporter:  nickm      |          Owner:                    
     Type:  defect     |         Status:  new               
 Priority:  minor      |      Milestone:  Tor: 0.2.4.x-final
Component:  Tor        |        Version:                    
 Keywords:  tor-relay  |         Parent:                    
   Points:             |   Actualpoints:                    
-----------------------+----------------------------------------------------
 In relay.c , we try to use tor_weak_random() to generate a 1/N random
 event using the pattern:
 {{{
    if ((tor_weak_random() % N) == 0)
 }}}

 But that's subtly wrong.  Many popular libcs' versions of random() use a
 linear congruential generator with a modulus that's a power of two, for
 which the low-order bits tend to have a much shorter period than the high-
 order bits.  So we'd probably be better off with something more like:
 {{{
   if (tor_weak_random() < TOR_RAND_MAX / N)
 }}}
 modulo rounding issues.  Perhaps a tor_rand_int(long maxval) would be
 smarter still.

 This isn't '''too''' big a problem, since if we're ever in a place where
 we can't tolerate not-too-random values, we shouldn't be using
 tor_weak_random().  Still, it's worth fixing.

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/7801>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list