[whatwg] Cryptographically strong random numbers

Roger Hågensen rescator at emsai.net
Sat Feb 5 19:22:39 PST 2011


On 2011-02-06 03:34, Boris Zbarsky wrote:
> The context in which I've seen people ask for cryptographically secure 
> Math.random are cases where one script can tell what random numbers 
> another script got by examining the sequence of random numbers it's 
> getting itself.  But I was never told what that "other script" was 
> doing, only that it wanted its random numbers to be unguessable.

Hmm! A hostile script/cross-site exploit?
But if a script is running "that close" to another script, isn't the 
guessing of the other script's random numbers the least of your worries?
The "bad script" is already inside the house anyway, but just in the 
other room right?

It kinda reminds me of Raymond Chen at Microsoft. Just Google the 
following: site:msdn.com It rather involved being on the other 
side of this airtight hatchway
Kinda reminds me of some of those stories.
I assume they are worried about two tabs or an iframe in a page, and a 
"bad" script is trying to figure out the random numbers another script has.

This is just my opinion but... If they need random number generation in 
their script to be cryptographically secure to be protected from another 
"spying" script...
then they are doing it wrong. Use HTTPS, issue solved right? I'm kinda 
intrigued about the people you've seen asking, and what exactly it is 
they are coding if that is an issue. *laughs*
Besides, aren't there several things (by WHATWG even) that prevent such 
spying or even make it impossible?

I have yet to hear of any actual panic regarding this; the same "issue" 
is theoretically known with EXEs as well.
But with the multithreaded and multicore CPUs, clock variations, and so 
on, trying to exploit the pattern in say a Mersenne Twister PRNG by 
pulling lots of random numbers
would either A. not work or B. cause a suspicious 100% cpu use on a core.
And don't forget that browsers like Chrome run each tab in its own 
process, which means the PRNG may not share the seed at all with another 
tab (I'm guessing pretty surely that each tab HAS its own seed).
Besides, social engineering has a much higher success rate than this so...

Would be nice if some crypto/security experts popped their heads in 
about now though, in particular about the float question in previous 
posts :)


-- 
Roger "Rescator" Hågensen.
Freelancer - http://www.EmSai.net/


