[tor-commits] [snowflake/master] Use crypto/rand, not math/rand, to generate session IDs.
dcf at torproject.org
dcf at torproject.org
Thu Jun 29 23:17:46 UTC 2017
commit faeb8da8c910a1a29fe47264396bee7c18ad4bfc
Author: David Fifield <david at bamsoftware.com>
Date: Thu Jun 29 16:00:29 2017 -0700
Use crypto/rand, not math/rand, to generate session IDs.
math/rand always uses a deterministic seed. The sequence of session IDs
was therefore always the same:
Uv38ByGCZU8WP18PmmIdcg
lWbHTRDYaB0NhtHpHgAWeQ
...
Multiple copies of this program would have had session ID collisions. I
don't know what the consequences of that would be.
---
proxy-go/snowflake.go | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/proxy-go/snowflake.go b/proxy-go/snowflake.go
index 079dcdc..27c4ab9 100644
--- a/proxy-go/snowflake.go
+++ b/proxy-go/snowflake.go
@@ -8,7 +8,7 @@ import (
"io"
"io/ioutil"
"log"
- "math/rand"
+ "crypto/rand"
"net"
"net/http"
"net/url"
More information about the tor-commits
mailing list