[whatwg] Cryptographically strong random numbers

Roger Hågensen rescator at emsai.net
Sun Feb 6 00:04:50 PST 2011


On 2011-02-06 04:54, Boris Zbarsky wrote:
> On 2/5/11 10:22 PM, Roger Hågensen wrote:
>
>> This is just my oppinion but... If they need random number generation in
>> their script to be cryptographically secure to be protected from another
>> "spying" script...
>> then they are doing it wrong. Use HTTPS, issue solved right?
>
> No.  Why would it be?

Oh right! The flaw might even exist then as well, despite https and http 
not being mixable without warning.

>
>> I'm kinda intrigued about the people you've seen asking, and what 
>> exactly it is
>> they are coding if that is an issue. *laughs*
>
> You may want to read these:
>
> https://bugzilla.mozilla.org/show_bug.cgi?id=464071
> https://bugzilla.mozilla.org/show_bug.cgi?id=475585
> https://bugzilla.mozilla.org/show_bug.cgi?id=577512
> https://bugzilla.mozilla.org/show_bug.cgi?id=322529
>
.... [snip]
>
>> And don't forget that browsers like Chrome runs each tab in it's own
>> process, which means the PRNG may not share the seed at all with another
>> tab
>
> Well, yes, that's another approach to the Math.random problems.  Do 
> read the above bug reports.
>
> -Boris
>

Outch yeah, a nice mess there.

Math.random should be fixed (if implementations are bugged) so that 
cross-site tracking is not possible, besides that Math.random should 
just be a quick PRNG for generic use.
The easiest fix (maybe this should be speced?) is that Math.random must 
have a separate seed per Tab/Page, this means that even an iframe would 
have a different seed than the parent page.
If this was done, then those bugs could all be fixed (apparently). And 
it wouldn't hurt to advise Mother or Mersenne or similar as a "minimum" 
PRNG.
Maybe seed should be speced in regards to tabs/pages etc, would this 
fall under WHATWG or the JS group?

But anyway, those bugs does not need actual crypto quality PRNG, so it's 
a shame their fixing is hampered by a "fix vs new feature" discussion.
I can't help but see these two "issues" as completely separate.
1. Fix the seeding of Math.random for tabs/pages so cross-site tracking 
is not possible.
2. Add Math.srandom or Crypto.random or Window.random a cryptographic 
PRNG data generator (which could map to OS API or even RNG Hardware).


Hmm. What of the name of this thing?
I think it would be better to ensure it is not named "random" but 
"srandom" or "s_random" or "c_random" to avoid any confusion with 
Math.random
How about "cryptrnd", anyone?

I'd hate to see a bunch of apps using cryptographically secure random 
numbers/data just because it was called "random",
while in all likelyhood they'd be fine with Math.random instead.


-- 
Roger "Rescator" Hågensen.
Freelancer - http://www.EmSai.net/




More information about the whatwg mailing list