rand, to generate session IDs.

dcf Thu, 29 Jun 2017 16:18:19 -0700

commit faeb8da8c910a1a29fe47264396bee7c18ad4bfc
Author: David Fifield <[email protected]>
Date:   Thu Jun 29 16:00:29 2017 -0700


    Use crypto/rand, not math/rand, to generate session IDs.
    
    math/rand always uses a deterministic seed. The sequence of session IDs
    was therefore always the same:
        Uv38ByGCZU8WP18PmmIdcg
        lWbHTRDYaB0NhtHpHgAWeQ
        ...
    
    Multiple copies of this program would have had session ID collisions. I
    don't know what the consequences of that would be.
---
 proxy-go/snowflake.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/proxy-go/snowflake.go b/proxy-go/snowflake.go
index 079dcdc..27c4ab9 100644
--- a/proxy-go/snowflake.go
+++ b/proxy-go/snowflake.go
@@ -8,7 +8,7 @@ import (
        "io"
        "io/ioutil"
        "log"
-       "math/rand"
+       "crypto/rand"
        "net"
        "net/http"
        "net/url"



_______________________________________________
tor-commits mailing list
[email protected]
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

[tor-commits] [snowflake/master] Use crypto/rand, not math/rand, to generate session IDs.

Reply via email to