Bug#532517: marked as done (predictable random number generator used in web browsers)

Thu, 25 Jun 2009 15:30:04 -0700 

Your message dated Fri, 26 Jun 2009 00:06:53 +0200
with message-id <[email protected]>
and subject line Re: predictable random number generator used in web browsers
has caused the Debian Bug report #532517,
regarding predictable random number generator used in web browsers
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
532517: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=532517
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message --- 
package: webkit
severity: serious
tags: security

hello,

it has been discovered that all of the major web browsers use a
predictable pseudo-random number generator (PRNG).  please see
reference [0]. the robust solution is to switch to a provably
unpredictable PRNG such as Blum Blum Shub [1,2].

[0] http://www.trusteer.com/temporary-user-tracking-in-major-browsers
[1] Lenore Blum, Manual Blum, and Michael Shub, "A Simple Unpredictable
Pseudo-Random Number Generator," SIAM Journal on Computing, volume 15,
pages 364-383, May 1986.
[2] http://rng.doesntexist.org/gmpbbs

--- End Message ---
--- Begin Message --- 
On Tue, Jun 09, 2009 at 03:16:45PM -0400, Michael S. Gilbert wrote:
> package: webkit
> severity: serious
> tags: security
> 
> hello,
> 
> it has been discovered that all of the major web browsers use a
> predictable pseudo-random number generator (PRNG).  please see
> reference [0]. the robust solution is to switch to a provably
> unpredictable PRNG such as Blum Blum Shub [1,2].
> 
> [0] http://www.trusteer.com/temporary-user-tracking-in-major-browsers
> [1] Lenore Blum, Manual Blum, and Michael Shub, "A Simple Unpredictable
> Pseudo-Random Number Generator," SIAM Journal on Computing, volume 15,
> pages 364-383, May 1986.
> [2] http://rng.doesntexist.org/gmpbbs

AFAICT all the necessary code is present in Xulrunner, which already
has a bug opened.

Cheers,
        Moritz

--- End Message ---

Reply via email to