[tor-bugs] #31967 [Circumvention/BridgeDB]: BridgeDB Server uses insecure pseudorandom generator for selecting cached captcha
Tor Bug Tracker & Wiki
blackhole at torproject.org
Thu Feb 27 20:38:10 UTC 2020
#31967: BridgeDB Server uses insecure pseudorandom generator for selecting cached
captcha
------------------------------------+-----------------------------------
Reporter: willbarr | Owner: (none)
Type: defect | Status: needs_revision
Priority: Medium | Milestone:
Component: Circumvention/BridgeDB | Version: sbws: unspecified
Severity: Normal | Resolution:
Keywords: | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
------------------------------------+-----------------------------------
Changes (by dcf):
* status: needs_review => needs_revision
Comment:
It looks like the patch in comment:1 has some whitespace/indentation
problems. It might just be mangled by copy-and-paste. Try making a commit
in your local repo, and then run `git format-patch HEAD^!`. This will
create a patch file that you can attach and avoid any problems with
pasting into a text field.
It looks like you need to revise the patch to remove the `random.choice`
line, since you added the `random.SystemRandom().choice` replacement.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/31967#comment:4>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list