- From: Roger Hågensen <rescator@emsai.net>
- Date: Sun, 06 Feb 2011 09:04:50 +0100
On 2011-02-06 04:54, Boris Zbarsky wrote:
> On 2/5/11 10:22 PM, Roger Hågensen wrote:
>
>> This is just my opinion but... If they need random number generation in
>> their script to be cryptographically secure to be protected from another
>> "spying" script...
>> then they are doing it wrong. Use HTTPS, issue solved right?
>
> No. Why would it be?

Oh right! The flaw might even exist then as well, despite https and http not being mixable without warning.

>> I'm kinda intrigued about the people you've seen asking, and what
>> exactly it is
>> they are coding if that is an issue. *laughs*
>
> You may want to read these:
>
> https://bugzilla.mozilla.org/show_bug.cgi?id=464071
> https://bugzilla.mozilla.org/show_bug.cgi?id=475585
> https://bugzilla.mozilla.org/show_bug.cgi?id=577512
> https://bugzilla.mozilla.org/show_bug.cgi?id=322529
> .... [snip]
>
>> And don't forget that browsers like Chrome run each tab in its own
>> process, which means the PRNG may not share the seed at all with another
>> tab
>
> Well, yes, that's another approach to the Math.random problems. Do
> read the above bug reports.
>
> -Boris
>

Ouch yeah, a nice mess there.

Math.random should be fixed (if implementations are bugged) so that cross-site tracking is not possible, besides that Math.random should just be a quick PRNG for generic use.

The easiest fix (maybe this should be specced?) is that Math.random must have a separate seed per Tab/Page, this means that even an iframe would have a different seed than the parent page. If this was done, then those bugs could all be fixed (apparently). And it wouldn't hurt to advise Mother or Mersenne or similar as a "minimum" PRNG.

Maybe seed should be specced in regards to tabs/pages etc, would this fall under WHATWG or the JS group?

But anyway, those bugs do not need actual crypto quality PRNG, so it's a shame their fixing is hampered by a "fix vs new feature" discussion. I can't help but see these two "issues" as completely separate.

1. Fix the seeding of Math.random for tabs/pages so cross-site tracking is not possible.
2. Add Math.srandom or Crypto.random or Window.random, a cryptographic PRNG data generator (which could map to OS API or even RNG Hardware).

Hmm. What of the name of this thing? I think it would be better to ensure it is not named "random" but "srandom" or "s_random" or "c_random" to avoid any confusion with Math.random. How about "cryptrnd", anyone?

I'd hate to see a bunch of apps using cryptographically secure random numbers/data just because it was called "random", while in all likelihood they'd be fine with Math.random instead.

--
Roger "Rescator" Hågensen.
Freelancer - http://www.EmSai.net/
Received on Sunday, 6 February 2011 00:04:50 UTC
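
An added sketch of point 1 in the message above (a separate Math.random seed per tab/page), not code from this thread or from any browser: xorshift32 stands in for a quick non-cryptographic PRNG, and `makeBrowser`, `osSeed` and `linkedAcrossContexts` are hypothetical names. It checks whether a value drawn in one context determines the next value drawn in another, first with one shared generator and then with a separately seeded generator per context.

```javascript
// Added illustration; xorshift32 stands in for any fast, non-cryptographic PRNG.
const webcrypto = globalThis.crypto ?? require('crypto').webcrypto;

// One xorshift32 step. The output is the whole 32-bit state, so anyone who
// sees one output can compute the next one.
function xorshift32(state) {
  state ^= state << 13;
  state ^= state >>> 17;
  state ^= state << 5;
  return state >>> 0;
}

function makeRng(seed) {
  let s = (seed >>> 0) || 1; // xorshift state must be non-zero
  return () => (s = xorshift32(s));
}

// Seed from the OS CSPRNG. Only the seed is strong; the generator is not.
function osSeed() {
  return webcrypto.getRandomValues(new Uint32Array(1))[0];
}

// Hypothetical browser model. 'shared': every context draws from one
// generator. 'per-context': each tab, page or iframe gets its own seed.
function makeBrowser(mode, seedSource = osSeed) {
  const shared = makeRng(seedSource());
  return {
    newContext: () => (mode === 'shared' ? shared : makeRng(seedSource())),
  };
}

// True when a value drawn in one context determines the next value drawn
// in a different context, i.e. the two contexts are linkable.
function linkedAcrossContexts(browser) {
  const pageA = browser.newContext();
  const pageB = browser.newContext();
  const seenByA = pageA();
  return pageB() === xorshift32(seenByA);
}

console.log('shared seed linked:     ', linkedAcrossContexts(makeBrowser('shared')));
console.log('per-context seed linked:', linkedAcrossContexts(makeBrowser('per-context')));
```

The per-context generator is still the same weak algorithm; only the seeding changes, which is why this is separate from adding a cryptographic generator.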