Lack of randomness in rand()

[guijan]

rand() has a dozen issues even when you seed it with a RNG, most of which are not relevant here, but there's still at least one issue with it that is still relevant to proxychains.

If different instances of proxychains get the same result from time() or clock_gettime() and call srand(current_time) at the same time, then as long as their rand()s use the same algorithm, they will get the same result. This could be on the same machine or across different machines.

The easiest solution is to use a proper RNG.
arc4random_uniform() is present on all the BSDs, macOS, Illumos, musl, dietlibc, recent glibc, Android, recent Haiku, but not Windows. On Windows, there's the equivalent BCryptGenRandom(). On Haiku, it's tucked inside a BSD compat library that is part of the system (you still have to link to it manually because it's not libc): https://review.haiku-os.org/c/haiku/+/32/3

[rofl0r]

If different instances of proxychains get the same result from time() or clock_gettime()

that problem was observed with the use of time() (one-second granularity), but it's been resolved by the use of clock_gettime() which has nanosecond granularity, which makes it impossible to have the same value twice.