[v8-dev] Fallback random number generator has weak entropy. (issue 24304006)

[bmeurer]

Reviewers: Dmitry Lomov (chromium),

Message:
Hey Dmitry,
Addressing the weak entropy issue we've had on Windows since the beginning.  
This
one is pretty much straight forward. PTAL
-- Benedikt
Description:
Fallback random number generator has weak entropy.

On Windows, only the current time is used to seed the random number
generator. If you spawn multiple instances of V8 at the same time,
they'll generate the same seed.

This patch mixes the PID in order to generate a bit more entropy,
and also uses the DJB2 hash to generate the seed from the entropy
data.

Based on a patch from Ben Noordhuis <i...@bnoordhuis.nl>.

BUG=v8:2905

Please review this at https://codereview.chromium.org/24304006/

SVN Base: https://v8.googlecode.com/svn/branches/bleeding_edge

Affected files (+27, -5 lines):
  M src/utils/random-number-generator.cc


Index: src/utils/random-number-generator.cc
diff --git a/src/utils/random-number-generator.cc  
b/src/utils/random-number-generator.cc
index  
1e03ee24499208b1791d2c525088a07761b58a9e..1217b2461b7ca5d425340b2c5ae2a5ff112be054  
100644
--- a/src/utils/random-number-generator.cc
+++ b/src/utils/random-number-generator.cc
@@ -30,6 +30,7 @@
 #include <cstdio>

 #include "flags.h"
+#include "platform.h"
 #include "platform/mutex.h"
 #include "platform/time.h"
 #include "utils.h"
@@ -81,11 +82,32 @@ RandomNumberGenerator::RandomNumberGenerator() {

   // We cannot assume that random() or rand() were seeded
   // properly, so instead of relying on random() or rand(),
-  // we just seed our PRNG using timing data as fallback.
-  int64_t seed = Time::NowFromSystemTime().ToInternalValue() << 24;
-  seed ^= TimeTicks::HighResNow().ToInternalValue() << 16;
-  seed ^= TimeTicks::Now().ToInternalValue() << 8;
-  SetSeed(seed);
+  // we just seed our PRNG using timing data and process
+  // information as fallback. See:
+  // https://code.google.com/p/v8/issues/detail?id=2905
+  class Entropy V8_FINAL {
+   public:
+    Entropy() : system_time(Time::NowFromSystemTime()),
+                high_res_ticks(TimeTicks::HighResNow()),
+                ticks(TimeTicks::Now()),
+                process_id(OS::GetCurrentProcessId()) {}
+    int64_t Hash() const {
+      const uint8_t* ptr = reinterpret_cast<const uint8_t*>(this);
+      const uint8_t* end = ptr + sizeof(*this);
+      uint64_t hash = 5381;
+      for (; ptr < end; ++ptr) {
+        hash = ((hash << 5) + hash) + *ptr;
+      }
+      return static_cast<int64_t>(hash);
+    }
+
+   private:
+    Time system_time;
+    TimeTicks high_res_ticks;
+    TimeTicks ticks;
+    int process_id;
+  };
+  SetSeed(Entropy().Hash());
 }




--
--
v8-dev mailing list
v8-dev@googlegroups.com
http://groups.google.com/group/v8-dev
--- 
You received this message because you are subscribed to the Google Groups "v8-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to v8-dev+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.