Status: New
Owner: ----

New issue 2905 by [email protected]: windows: random number generator has weak entropy
http://code.google.com/p/v8/issues/detail?id=2905

See https://github.com/joyent/node/issues/6250 for an example.

On Windows, only the current time is used to seed the random number generator. If you spawn multiple instances of V8 at the same time, they'll generate the same seed.

I'm not sure if this qualifies as a vulnerability but it's certainly undesirable behavior.

I've attached a patch that mixes in the PID in order to generate a bit more entropy. I'm not saying you should take it as-is but maybe it can function as a starting point.

diff --git a/src/utils/random-number-generator.cc b/src/utils/random-number-generator.cc
index 1e03ee2..4d286cc 100644
--- a/src/utils/random-number-generator.cc
+++ b/src/utils/random-number-generator.cc
@@ -32,6 +32,7 @@
 #include "flags.h"
 #include "platform/mutex.h"
 #include "platform/time.h"
+#include "platform.h"
 #include "utils.h"

 namespace v8 {
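Review bot: The new `#include "platform.h"` is placed after `platform/time.h`, which breaks the sorted order of the include block (`flags.h`, `platform/mutex.h`, `platform/time.h`, `utils.h`). Move it ahead of `platform/mutex.h` so the block stays sorted.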
@@ -85,6 +86,17 @@ RandomNumberGenerator::RandomNumberGenerator() {
   int64_t seed = Time::NowFromSystemTime().ToInternalValue() << 24;
   seed ^= TimeTicks::HighResNow().ToInternalValue() << 16;
   seed ^= TimeTicks::Now().ToInternalValue() << 8;
+  // Mix in the process ID. Run it through a DJB hash to shuffle
+  // the bits around because the PID by itself won't have much
+  // entropy, most of its bits will be zero.
+  uint32_t pid = OS::GetCurrentProcessId();
+  uint64_t hash = 0x1505;
+  hash = (hash * 33) + ((pid >> 0) & 255);
+  hash = (hash * 33) + ((pid >> 8) & 255);
+  hash = (hash * 33) + ((pid >> 16) & 255);
+  hash = (hash * 33) + ((pid >> 24) & 255);
+  hash = ((hash & 0x3FFFFFFFUL) << 32) | (hash & 0xFFFFFFFFUL);
+  seed ^= hash;
   SetSeed(seed);
 }
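Review bot: The value XORed in at `seed ^= hash;` is a fixed function of the PID, so the seed is still built only from clock readings and a process ID, none of which is secret; it separates processes started on the same tick but does not make the seed unpredictable. The line `hash = ((hash & 0x3FFFFFFFUL) << 32) | (hash & 0xFFFFFFFFUL);` also only copies the low 30 bits of the hash into the upper word, so the upper half carries no information that the lower half does not, and since the hash starts at `0x1505` and is multiplied by 33 four times it always exceeds 32 bits, meaning its top bit is silently dropped by the masks. I would suggest seeding from the operating system's random source on Windows instead and keeping the time and PID mix only as a fallback; if the PID mix stays, the comment should say that it is there to avoid identical seeds, not to add entropy.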



--
v8-dev mailing list
[email protected]
http://groups.google.com/group/v8-dev
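
The seed collision described in the report, as an added example that is not part of the original message or of the V8 code base: it rebuilds the clock-only seed and the patch's PID mix, then counts distinct seeds for processes that read identical clocks. The clock readings and PIDs are constructed, and the names `ClockSeed`, `PidHash` and `DistinctSeeds` are hypothetical.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <set>
#include <vector>

// Clock-only seed, following the three unchanged lines of the patch.
// Shifts are done on uint64_t here so that overflow wraps instead of being UB.
uint64_t ClockSeed(uint64_t wall, uint64_t hires, uint64_t ticks) {
  return (wall << 24) ^ (hires << 16) ^ (ticks << 8);
}

// PID mixing as written in the patch (DJB-style hash over the four PID bytes).
uint64_t PidHash(uint32_t pid) {
  uint64_t hash = 0x1505;
  for (int shift = 0; shift < 32; shift += 8)
    hash = (hash * 33) + ((pid >> shift) & 255);
  return ((hash & 0x3FFFFFFFULL) << 32) | (hash & 0xFFFFFFFFULL);
}

// Number of distinct seeds across processes that all read the same clocks.
size_t DistinctSeeds(const std::vector<uint32_t>& pids, bool mix_pid) {
  const uint64_t wall = 1380000000000000ULL;  // constructed clock readings
  const uint64_t hires = 123456789ULL;
  const uint64_t ticks = 123456ULL;
  std::set<uint64_t> seeds;
  for (uint32_t pid : pids) {
    uint64_t seed = ClockSeed(wall, hires, ticks);
    if (mix_pid) seed ^= PidHash(pid);
    seeds.insert(seed);
  }
  return seeds.size();
}

int main() {
  std::vector<uint32_t> pids = {4100, 4104, 4108, 4112};  // constructed PIDs
  std::printf("clock only:  %zu distinct seed(s)\n", DistinctSeeds(pids, false));
  std::printf("clock + pid: %zu distinct seed(s)\n", DistinctSeeds(pids, true));
  // The upper word of the PID hash is only a copy of its low 30 bits.
  uint64_t h = PidHash(4100);
  std::printf("upper word == low 30 bits: %d\n",
              (h >> 32) == (h & 0x3FFFFFFFULL));
  return 0;
}
```

With identical clock readings the clock-only seed collapses to a single value, while the PID mix separates the processes; the mixed-in term is still fully determined by the PID.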