GODRIVER-2349 Seed all pseudorandom number generators with a crypto-secure random number. #889
+118
−15
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
prestonvasquez
approved these changes
Mar 29, 2022
matthewdale
force-pushed
the
godriver2349-use-crypto-seed
branch
2 times, most recently
from
c6335ff to
250cfb7
Compare
benjirewis
suggested changes
Mar 30, 2022
matthewdale
commented
Mar 30, 2022
There was a problem hiding this comment.
@benjirewis Responding to your question: Yes, TestGlobalSource does fail reliably on my workstation with 1,000 goroutines using time.Now().UnixNano() as a seed value. However, the test is not deterministic because the timing depends on runtime conditions, which may be different on the Evergreen hosts. I can bump the number of goroutines to 10,000 to increase the probability that the test will expose any issues. Edit: Increasing the number of goroutines actually causes issues because of the issue described here, so I'll leave it at 1,000.
matthewdale
force-pushed
the
godriver2349-use-crypto-seed
branch
from
740fdd6 to
a89b49a
Compare
benjirewis
approved these changes
Mar 30, 2022
There was a problem hiding this comment.
LGTM; thanks for filing GODRIVER-2361, too. This stuff is very interesting 🤔
matthewdale
added a commit
that referenced
this pull request
Mar 31, 2022
…ecure random number. (#889)
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
GODRIVER-2349
On some versions of Go and on some operating systems,
time.Now()returns a time with lower-than-expected resolution (updates every 500μs to 15ms). The Go driver usestime.Now().UnixNano()to seed some pseudo-random number generators, including the one for generating session IDs here. Due to that, it's possible, under the right conditions, to start two processes that reproduce the same sequence of session IDs if they are started at almost the same time.To remove that possibility, read an
int64value from the"crypto/rand".Readerand use it to seed all pseudo-random number generators in the driver.