239735 2022-04-25 11:29:19 -0700 [libpas] Implement secure random numbers 2022-04-27 10:32:14 -0700 1 1 1 Unclassified WebKit bmalloc Other Unspecified Unspecified RESOLVED FIXED InRadar P2 Normal --- 1 brandonstewart brandonstewart ggaren webkit-bug-importer ysuzuki oldest_to_newest 1864160 0 brandonstewart 2022-04-25 11:29:19 -0700 We currently have a cheesy random and secure random, which use the same implementation for generating random numbers. (We are going to ignore the mock testing code here). This patch introduces a fast random and secure random. The fast random maintains the same properties as the previous implementation, while secure random will use the cryptographically secure arc4random_uniform to give better randomness. arc4random() can be quite an expensive operation and based on discussing with Yusuke he found heavy performance penalties when using this in JSC. Our secure random shall only be used in cases where true randomness is needed. We have 2 spots where we currently use secure random we shall just migrate those over to using fast random. 1864175 1 ggaren 2022-04-25 11:45:45 -0700 Can we re-use WTF::WeakRandom for this (or reuse the alogrithm)? 1864179 2 brandonstewart 2022-04-25 11:54:07 -0700 Pull request: https://github.com/WebKit/WebKit/pull/379 1864225 3 brandonstewart 2022-04-25 14:16:25 -0700 (In reply to Geoffrey Garen from comment #1) > Can we re-use WTF::WeakRandom for this (or reuse the alogrithm)? We could probably reimplement the WeakRandom algorithm to replace the fast generator (just took a brief look at the code). The main goal of this patch was to separate the fast and secure random generator, and provide a suitable secure random generator. Replacing the fast random generator can be further investigated in a future patch. 1864236 4 ggaren 2022-04-25 14:49:03 -0700 OK, got it! 1864842 5 ews-feeder 2022-04-27 10:31:10 -0700 Committed r293518 (250049@main): <https://commits.webkit.org/250049@main> Reviewed commits have been landed. Closing PR #379 and removing active labels. 1864843 6 webkit-bug-importer 2022-04-27 10:32:14 -0700 <rdar://problem/92406887>