Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

coin selection code uses unseeded rand() call #1057

Closed
dooglus opened this issue Apr 7, 2012 · 5 comments
Closed

coin selection code uses unseeded rand() call #1057

dooglus opened this issue Apr 7, 2012 · 5 comments
Labels
Bug

Comments

@dooglus
Copy link
Contributor

dooglus commented Apr 7, 2012

In the code which selects which coins to use, the following appears:

if (nPass == 0 ? rand() % 2 : !vfIncluded[i])

but rand() is never seeded.

Should we use GetRandInt(2) instead to get unpredictable results?
@dooglus dooglus mentioned this issue Apr 7, 2012
Closed
@laanwj
Copy link
Member

laanwj commented Apr 7, 2012

Probably. It is the only place in the source where rand() is used.

@dooglus
Copy link
Contributor Author

dooglus commented Apr 7, 2012

I see it in commented code in main.cpp too:

    //while (rand() % 3 == 0)
    //    mapNext[pindex->pprev].push_back(pindex);

I wonder if perhaps it's deliberate, because the wallet rand() code is in a tight loop and we don't want to exhaust our entropy source.

@gmaxwell
Copy link
Contributor

gmaxwell commented Apr 7, 2012

That loop execute a great many times— a proper cryptographically secure RNG is probably going to be noticeably slow here. If it is, then would anyone object to using a fast PRNG seeded by RandBytes at the start of the function?

In general I don't think there is a big privacy concern here— even knowing the random sequence completely shouldn't matter unless you also know the inputs under consideration.

@laanwj laanwj closed this as completed Apr 9, 2012
@laanwj laanwj reopened this Apr 9, 2012
@laanwj
Copy link
Member

laanwj commented Apr 9, 2012

@gmaxwell also, rand() is not thread-safe according to its man page, using rand_r(*seed) is recommended in that case is as it has explicit state.

If there is no privacy concern here, a simple solution would be using rand_r with the state (just one int) generated at the beginning of the function with GetRandInt().

@laanwj laanwj mentioned this issue Aug 18, 2012
Closed
@laanwj
Copy link
Member

laanwj commented Dec 22, 2013

We don't use rand() anymore but our own insecure_rand() for non-security-critical randomness that does get seeded. Closing this.

@laanwj laanwj closed this as completed Dec 22, 2013
sanch0panza pushed a commit to sanch0panza/bitcoin that referenced this issue May 17, 2018
@sickpig @gandrewstone
Bump version to 1.3.0.1 (bitcoin#1057)
4219bb2
lateminer pushed a commit to lateminer/bitcoin that referenced this issue Dec 25, 2019
@random-zebra
Merge bitcoin#1057: [UI] Fix AA_EnableHighDpiScaling warning
d4e6525 
9b8955a Fix AA_EnableHighDpiScaling warning (Akshay)

Pull request description:

  Fixes the following warning

  `Attribute Qt::AA_EnableHighDpiScaling must be set before QCoreApplication is created.`

  Tested on macOS 10.14.6

ACKs for top commit:
  furszy:
    ACK 9b8955a
  random-zebra:
    utACK 9b8955a and merging...

Tree-SHA512: f65b10f570bd642da9428e634c89bfe6303ccbeb1f3995c85993845c86a321dccb1f50cdd39832e4c2e910942f0b284944bd88cd181cf7a15fc46279e30e22b3
@bitcoin bitcoin locked as resolved and limited conversation to collaborators Sep 8, 2021
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
Bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@laanwj @dooglus @gmaxwell