
[whatwg] Cryptographically strong random numbers

From: Brendan Eich <brendan@mozilla.org>
Date: Tue, 22 Feb 2011 15:34:03 -0800
Message-ID: <A1F52C0B-6DB9-43F0-AAF0-AD2AA4E8A223@mozilla.org>
On Feb 22, 2011, at 2:49 PM, Erik Corry wrote:
> I can find Klein's complaints that the implementation of Math.random is insecure but not his complaints about the API.  Do you have a link?

In the paper linked from http://seclists.org/bugtraq/2010/Dec/13 section 3 ("3. The non-uniformity bug"), viz:

"Due to issues with rounding when converting the 54 bit quantity to a double precision number (as explained in http://www.trusteer.com/sites/default/files/Temporary_User_Tracking_in_Major_Browsers.pdf section 2.1, x2 may not accurately represent the state bits if the whole double precision number is ≥0.5."

but that link dangles, and I haven't had time to read more.

The general concern about the API arises because Adam's API returns a typed array result that could have length > 1, i.e., not a random result that fits in at most 32 (or even 53) bits.

/be
Received on Tuesday, 22 February 2011 15:34:03 UTC
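The rounding issue quoted above, worked through as an added example (not code from the thread or from any engine): a 54-bit state mapped to a double as state / 2^54 is a constructed model, and the functions below show that the state survives the conversion only while the result is below 0.5.

```javascript
// Added example, not from the thread: models the "non-uniformity" rounding
// issue quoted in the message. Mapping a 54-bit state to a double in [0, 1)
// as state / 2^54 is a constructed model, not any engine's actual code.
// An IEEE-754 double carries a 53-bit significand, so the 54-bit state
// survives only while the result is below 0.5 (state < 2^53); at or above
// 0.5 the lowest state bit is rounded away and distinct states collide.

const STATE_BITS = 54n;
const MODULUS = 1n << STATE_BITS;   // 2^54, the number of possible states
const SCALE = Number(MODULUS);      // 2^54 as a double (exactly representable)

// Convert a 54-bit integer state (BigInt) to a double in [0, 1).
// Number(state) is where precision is lost for state >= 2^53
// (BigInt-to-Number conversion rounds to nearest, ties to even).
function stateToDouble(state) {
  if (state < 0n || state >= MODULUS) throw new RangeError("state must be 54-bit");
  return Number(state) / SCALE;
}

// Best-effort inverse: recover the integer state from the double.
function doubleToState(x) {
  return BigInt(Math.round(x * SCALE));
}

// True when the state can be recovered exactly from its double.
function roundTripsExactly(state) {
  return doubleToState(stateToDouble(state)) === state;
}

// Count states in [start, start + count) whose double is already produced
// by an earlier state in the range. Each collision is an output value that
// occurs more often than its neighbours (non-uniformity) and a state that
// cannot be distinguished by an observer of the output.
function countCollisions(start, count) {
  const seen = new Set();
  let collisions = 0;
  for (let s = start; s < start + count; s++) {
    const x = stateToDouble(s);
    if (seen.has(x)) collisions++;
    else seen.add(x);
  }
  return collisions;
}
```

Below 0.5 every state round-trips; from 2^53 upward, odd states are rounded onto their even neighbours.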
