On 2011-02-06 04:54, Boris Zbarsky wrote:
> On 2/5/11 10:22 PM, Roger Hågensen wrote:
>> This is just my opinion but... If they need random number generation in
>> their script to be cryptographically secure to be protected from another
>> "spying" script...
>> then they are doing it wrong. Use HTTPS, issue solved right?
>
> No. Why would it be?

Oh right! The flaw might even exist then as well, despite https and http
not being mixable without warning.

>> I'm kinda intrigued about the people you've seen asking, and what
>> exactly it is they are coding if that is an issue. *laughs*
>
> You may want to read these:
>
> https://bugzilla.mozilla.org/show_bug.cgi?id=464071
> https://bugzilla.mozilla.org/show_bug.cgi?id=475585
> https://bugzilla.mozilla.org/show_bug.cgi?id=577512
> https://bugzilla.mozilla.org/show_bug.cgi?id=322529
>
> .... [snip]
>
>> And don't forget that browsers like Chrome run each tab in its own
>> process, which means the PRNG may not share the seed at all with another
>> tab
>
> Well, yes, that's another approach to the Math.random problems. Do
> read the above bug reports.
>
> -Boris
Ouch yeah, a nice mess there.
Math.random should be fixed (if implementations are bugged) so that
cross-site tracking is not possible, besides that Math.random should
just be a quick PRNG for generic use.
The easiest fix (maybe this should be specced?) is that Math.random must
have a separate seed per Tab/Page, this means that even an iframe would
have a different seed than the parent page.
If this was done, then those bugs could all be fixed (apparently). And
it wouldn't hurt to advise Mother or Mersenne or similar as a "minimum"
PRNG.
Maybe seed should be specced in regards to tabs/pages etc, would this
fall under WHATWG or the JS group?
But anyway, those bugs do not need actual crypto quality PRNG, so it's
a shame their fixing is hampered by a "fix vs new feature" discussion.
I can't help but see these two "issues" as completely separate.
1. Fix the seeding of Math.random for tabs/pages so cross-site tracking
is not possible.
2. Add Math.srandom or Crypto.random or Window.random a cryptographic
PRNG data generator (which could map to OS API or even RNG Hardware).
Hmm. What of the name of this thing?
I think it would be better to ensure it is not named "random" but
"srandom" or "s_random" or "c_random" to avoid any confusion with
Math.random
How about "cryptrnd", anyone?
I'd hate to see a bunch of apps using cryptographically secure random
numbers/data just because it was called "random",
while in all likelihood they'd be fine with Math.random instead.
--
Roger "Rescator" Hågensen.
Freelancer - http://www.EmSai.net/
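Added example, not part of the thread: a toy model of fix 1 above (a separate Math.random seed per tab/page versus one process-wide seed shared by every page). The xorshift32 generator, the "pages" and the seed values are constructed for illustration; real engines use other PRNGs and this stand-in is not cryptographic.

```javascript
// xorshift32: a constructed stand-in for an engine's Math.random (NOT a CSPRNG).
class Xorshift32 {
  constructor(seed) { this.s = (seed >>> 0) || 1; }
  next() {
    let x = this.s;
    x ^= x << 13; x >>>= 0;
    x ^= x >>> 17;
    x ^= x << 5; x >>>= 0;
    this.s = x;
    return x / 0x100000000;          // float in [0, 1), like Math.random
  }
}

// A "page" draws n values from whichever generator the browser hands it.
function pageDraws(rng, n) {
  return Array.from({ length: n }, () => rng.next());
}

// Model A (the bug): one process-wide generator, every page reads one stream.
function sharedSeedBrowser(processSeed, n) {
  const rng = new Xorshift32(processSeed);
  return { pageA: pageDraws(rng, n), pageB: pageDraws(rng, n) };
}

// Model B (fix 1): each tab/page, iframes included, gets its own seed.
function perPageSeedBrowser(seedA, seedB, n) {
  return { pageA: pageDraws(new Xorshift32(seedA), n),
           pageB: pageDraws(new Xorshift32(seedB), n) };
}

// Linkability check a browser tester could run: are page B's values just the
// continuation of page A's stream? With the toy generator the last output is
// the whole state, so a shared stream replays exactly; per-page seeds do not.
function bIsContinuationOfA(pageA, pageB) {
  const state = Math.round(pageA[pageA.length - 1] * 0x100000000);
  const replay = new Xorshift32(state);
  return pageB.every(v => v === replay.next());
}
```

The shared model reports the two pages as linkable, the per-page model does not; the check says nothing about statistical quality, which is the separate "fix vs new feature" point in the thread.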