[whatwg] Cryptographically strong random numbers

Boris Zbarsky bzbarsky at MIT.EDU
Sat Feb 5 19:54:35 PST 2011


On 2/5/11 10:22 PM, Roger Hågensen wrote:
> The "bad script" is already inside the house anyway, but just in the
> other room right?

Whatever that means.

> This is just my opinion but... If they need random number generation in
> their script to be cryptographically secure to be protected from another
> "spying" script...
> then they are doing it wrong. Use HTTPS, issue solved right?

No.  Why would it be?

> I'm kinda intrigued about the people you've seen asking, and what exactly it is
> they are coding if that is an issue. *laughs*

You may want to read these:

https://bugzilla.mozilla.org/show_bug.cgi?id=464071
https://bugzilla.mozilla.org/show_bug.cgi?id=475585
https://bugzilla.mozilla.org/show_bug.cgi?id=577512
https://bugzilla.mozilla.org/show_bug.cgi?id=322529

and then you'll know everything I know about the problem.  ;)

> Besides, aren't there several things (by WHATWG even) that prevent such
> spying or even make it impossible?

Do read the above bug reports.

> But with the multithreaded and multicore CPUs, clock variations, and so
> on, trying to exploit the pattern in say a Mersenne Twister PRNG

Which is a heck of a lot harder to guess than the PRNG Math.random 
actually uses in Gecko, fwiw.

> by pulling lots of random numbers
> would either A. not work or B. cause a suspicious 100% cpu use on a core.

Suspicious to whom?  Most users don't watch their CPU usage; they have 
better things to do with their time!

> And don't forget that browsers like Chrome run each tab in its own
> process, which means the PRNG may not share the seed at all with another
> tab

Well, yes, that's another approach to the Math.random problems.  Do read 
the above bug reports.

-Boris
