- From: Brendan Eich <brendan@secure.meer.net>
- Date: Mon, 02 Sep 2013 21:16:32 -0700
- To: "Tab Atkins Jr." <jackalmage@gmail.com>
- CC: Boris Zbarsky <bzbarsky@mit.edu>, "public-script-coord@w3.org" <public-script-coord@w3.org>
Tab Atkins Jr. wrote: > Is your concern with correlation that authors (or libraries, rather) > might attack the PRNG to predict the index, and provide an array > wrapper that auto-corrects the starting index to 0? I'm not the right > person to ask about what properties this would need, and how to most > cheaply achieve it. Remember http://xforce.iss.net/xforce/xfdb/72049? The fix was to randomize but care was required to avoid further attacks. Also IIRC there was performance blow-back (odd performance faults). /be
Received on Tuesday, 3 September 2013 04:16:58 UTC