mirror of
https://github.com/qTox/qTox.git
synced 2024-03-22 14:00:36 +08:00
fix: Usage of random
- Seed random in Core Thread. Core Thread didn't seed random, resulting in always using the same bootstrap nodes, even when you restart qTox or change profiles. - Use QDateTime::currentMSecsSinceEpoch() for seeding random. It provides a bigger range of numbers than QTime::currentTime().msec() does, and the latter somehow managed to result in approximately the same first random number being generated, within a certain range. - Use something a it more sensible than a mod operation to bound random numbers within a range. It's not perfect either, but a lot better. Using mod on random skews its distribution too much. - Use QRandomGenerator's bounded() function to generate random values within a range. - Enable QRandomGenerator's usage starting with Qt 5.10.0. QRandomGenerator is present since Qt 5.10.0, not 5.15.0. - Bootstrap off every 5th node instead of two consecutive nodes. It's likely that two consecutive nodes will have the same owner, which makes some attacks more likely. The node selection algorithm should be scraped and redone from scratch to be honest though.
This commit is contained in:
parent
9da1e3bbdf
commit
f5f42233ca
|
@ -34,8 +34,10 @@
|
||||||
#include "util/strongtype.h"
|
#include "util/strongtype.h"
|
||||||
|
|
||||||
#include <QCoreApplication>
|
#include <QCoreApplication>
|
||||||
#if (QT_VERSION >= QT_VERSION_CHECK(5, 15, 0))
|
#if (QT_VERSION >= QT_VERSION_CHECK(5, 10, 0))
|
||||||
#include <QRandomGenerator>
|
#include <QRandomGenerator>
|
||||||
|
#else
|
||||||
|
#include <QDateTime>
|
||||||
#endif
|
#endif
|
||||||
#include <QRegularExpression>
|
#include <QRegularExpression>
|
||||||
#include <QString>
|
#include <QString>
|
||||||
|
@ -667,6 +669,10 @@ void Core::onStarted()
|
||||||
{
|
{
|
||||||
ASSERT_CORE_THREAD;
|
ASSERT_CORE_THREAD;
|
||||||
|
|
||||||
|
#if (QT_VERSION < QT_VERSION_CHECK(5, 10, 0))
|
||||||
|
qsrand(static_cast<uint>(QDateTime::currentMSecsSinceEpoch()));
|
||||||
|
#endif
|
||||||
|
|
||||||
// One time initialization stuff
|
// One time initialization stuff
|
||||||
QString name = getUsername();
|
QString name = getUsername();
|
||||||
if (!name.isEmpty()) {
|
if (!name.isEmpty()) {
|
||||||
|
@ -795,10 +801,10 @@ void Core::bootstrapDht()
|
||||||
}
|
}
|
||||||
|
|
||||||
int i = 0;
|
int i = 0;
|
||||||
#if (QT_VERSION >= QT_VERSION_CHECK(5, 15, 0))
|
#if (QT_VERSION >= QT_VERSION_CHECK(5, 10, 0))
|
||||||
static int j = QRandomGenerator::global()->generate() % listSize;
|
static int j = QRandomGenerator::global()->bounded(listSize);
|
||||||
#else
|
#else
|
||||||
static int j = qrand() % listSize;
|
static int j = static_cast<int>((static_cast<double>(qrand()) / static_cast<double>(RAND_MAX+1l)) * listSize);
|
||||||
#endif
|
#endif
|
||||||
// i think the more we bootstrap, the more we jitter because the more we overwrite nodes
|
// i think the more we bootstrap, the more we jitter because the more we overwrite nodes
|
||||||
while (i < 2) {
|
while (i < 2) {
|
||||||
|
@ -827,7 +833,8 @@ void Core::bootstrapDht()
|
||||||
PARSE_ERR(error);
|
PARSE_ERR(error);
|
||||||
}
|
}
|
||||||
|
|
||||||
++j;
|
// bootstrap off every 5th node (+ a special case to avoid cycles when listSize % 5 == 0)
|
||||||
|
j += 5 + !(listSize % 5);
|
||||||
++i;
|
++i;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -23,8 +23,10 @@
|
||||||
#include <QDebug>
|
#include <QDebug>
|
||||||
#include <QFile>
|
#include <QFile>
|
||||||
#include <QMessageBox>
|
#include <QMessageBox>
|
||||||
#if (QT_VERSION >= QT_VERSION_CHECK(5, 15, 0))
|
#if (QT_VERSION >= QT_VERSION_CHECK(5, 10, 0))
|
||||||
#include <QRandomGenerator>
|
#include <QRandomGenerator>
|
||||||
|
#else
|
||||||
|
#include <QDateTime>
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#include "src/core/core.h"
|
#include "src/core/core.h"
|
||||||
|
@ -102,19 +104,16 @@ void PrivacyForm::showEvent(QShowEvent*)
|
||||||
|
|
||||||
void PrivacyForm::on_randomNosapamButton_clicked()
|
void PrivacyForm::on_randomNosapamButton_clicked()
|
||||||
{
|
{
|
||||||
QTime time = QTime::currentTime();
|
|
||||||
#if (QT_VERSION >= QT_VERSION_CHECK(5, 15, 0))
|
|
||||||
QRandomGenerator(static_cast<uint>(time.msec()));
|
|
||||||
#else
|
|
||||||
qsrand(static_cast<uint>(time.msec()));
|
|
||||||
#endif
|
|
||||||
|
|
||||||
uint32_t newNospam{0};
|
uint32_t newNospam{0};
|
||||||
for (int i = 0; i < 4; ++i)
|
|
||||||
#if (QT_VERSION >= QT_VERSION_CHECK(5, 15, 0))
|
#if (QT_VERSION >= QT_VERSION_CHECK(5, 10, 0))
|
||||||
newNospam = (newNospam << 8) + (QRandomGenerator::global()->generate() % 256); // Generate byte by byte. For some reason.
|
// guarantees to give a random 32-bit unsigned integer
|
||||||
|
newNospam = QRandomGenerator::global()->generate();
|
||||||
#else
|
#else
|
||||||
newNospam = (newNospam << 8) + (qrand() % 256); // Generate byte by byte. For some reason.
|
qsrand(static_cast<uint>(QDateTime::currentMSecsSinceEpoch()));
|
||||||
|
for (int i = 0; i < 4; ++i)
|
||||||
|
// Generate byte by byte, as qrand() is guaranteed to have only 15 bits of randomness (RAND_MAX is guaranteed to be 2^15)
|
||||||
|
newNospam = (newNospam << 8) + (static_cast<int>((static_cast<double>(qrand()) / static_cast<double>(RAND_MAX+1l)) * 256));
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
core->setNospam(newNospam);
|
core->setNospam(newNospam);
|
||||||
|
|
Loading…
Reference in New Issue
Block a user