[whatwg] Cryptographically strong random numbers
rescator at emsai.net
Sun Feb 6 00:04:50 PST 2011
On 2011-02-06 04:54, Boris Zbarsky wrote:
> On 2/5/11 10:22 PM, Roger Hågensen wrote:
>> This is just my oppinion but... If they need random number generation in
>> their script to be cryptographically secure to be protected from another
>> "spying" script...
>> then they are doing it wrong. Use HTTPS, issue solved right?
> No. Why would it be?
Oh right! The flaw might even exist then as well, despite https and http
not being mixable without warning.
>> I'm kinda intrigued about the people you've seen asking, and what
>> exactly it is
>> they are coding if that is an issue. *laughs*
> You may want to read these:
>> And don't forget that browsers like Chrome runs each tab in it's own
>> process, which means the PRNG may not share the seed at all with another
> Well, yes, that's another approach to the Math.random problems. Do
> read the above bug reports.
Outch yeah, a nice mess there.
Math.random should be fixed (if implementations are bugged) so that
cross-site tracking is not possible, besides that Math.random should
just be a quick PRNG for generic use.
The easiest fix (maybe this should be speced?) is that Math.random must
have a separate seed per Tab/Page, this means that even an iframe would
have a different seed than the parent page.
If this was done, then those bugs could all be fixed (apparently). And
it wouldn't hurt to advise Mother or Mersenne or similar as a "minimum"
Maybe seed should be speced in regards to tabs/pages etc, would this
fall under WHATWG or the JS group?
But anyway, those bugs does not need actual crypto quality PRNG, so it's
a shame their fixing is hampered by a "fix vs new feature" discussion.
I can't help but see these two "issues" as completely separate.
1. Fix the seeding of Math.random for tabs/pages so cross-site tracking
is not possible.
2. Add Math.srandom or Crypto.random or Window.random a cryptographic
PRNG data generator (which could map to OS API or even RNG Hardware).
Hmm. What of the name of this thing?
I think it would be better to ensure it is not named "random" but
"srandom" or "s_random" or "c_random" to avoid any confusion with
How about "cryptrnd", anyone?
I'd hate to see a bunch of apps using cryptographically secure random
numbers/data just because it was called "random",
while in all likelyhood they'd be fine with Math.random instead.
Roger "Rescator" Hågensen.
Freelancer - http://www.EmSai.net/
More information about the whatwg