[tor-bugs] #31967 [Circumvention/BridgeDB]: BridgeDB Server uses insecure pseudorandom generator for selecting cached captcha
Tor Bug Tracker & Wiki
blackhole at torproject.org
Fri Oct 4 10:01:12 UTC 2019
#31967: BridgeDB Server uses insecure pseudorandom generator for selecting cached
captcha
-------------------------------+----------------------------------------
Reporter: willbarr | Owner: (none)
Type: defect | Status: new
Priority: Medium | Component: Circumvention/BridgeDB
Version: sbws: unspecified | Severity: Normal
Keywords: | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
-------------------------------+----------------------------------------
https://gitweb.torproject.org/bridgedb.git/tree/bridgedb/captcha.py#n389
From the Python documentation: The pseudo-random generators of this module
(random) should not be used for security purposes.
It should use the secrets module `secrets.choice()` or, if you plan to keep
Python 2 compatibility, `random.SystemRandom.choice()`.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/31967>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
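
The following is an added example, not part of the original ticket and not BridgeDB's own code. It shows why the ticket's suggestion matters: picks made with the `random` module are fully determined by generator state that can be copied and replayed, while the OS-backed generator exposes no such state. The function names and the sample cache list are hypothetical.

```python
import random

try:
    # Python 3.6+: the replacement the ticket recommends.
    from secrets import choice as secure_choice
except ImportError:
    # Python 2 fallback: SystemRandom draws from os.urandom().
    secure_choice = random.SystemRandom().choice

# Constructed sample standing in for the filenames of cached captchas.
CACHED_CAPTCHAS = ["captcha-%03d.jpg" % i for i in range(200)]


def pick_weak(cache, rng=random):
    """Pattern the ticket flags: selection driven by the Mersenne Twister."""
    return rng.choice(cache)


def pick_hardened(cache):
    """Selection drawn from the operating system's CSPRNG."""
    if not cache:
        raise ValueError("captcha cache is empty")
    return secure_choice(cache)


def replay_from_state(cache, state, n):
    """Rebuild a generator from a copied state and list its next n picks."""
    clone = random.Random()
    clone.setstate(state)
    return [clone.choice(cache) for _ in range(n)]


def weak_picks_are_replayable(n=25):
    """True if a copy of the generator state reproduces every weak pick."""
    server = random.Random()  # OS-seeded, like the module-level generator
    state = server.getstate()
    actual = [pick_weak(CACHED_CAPTCHAS, server) for _ in range(n)]
    return actual == replay_from_state(CACHED_CAPTCHAS, state, n)


def csprng_has_no_state():
    """True if SystemRandom refuses to expose any replayable state."""
    try:
        random.SystemRandom().getstate()
    except NotImplementedError:
        return True
    return False
```
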