Bug 26972
| Field | Value | Field | Value |
|---|---|---|---|
| Summary | predictable random number generator used in web browsers | | |
| Product | WebKit | Reporter | Michael Gilbert <michael.s.gilbert> |
| Component | JavaScriptCore | Assignee | Nobody <webkit-unassigned> |
| Status | RESOLVED DUPLICATE | | |
| Severity | Normal | CC | abarth, ddkilzer, jmalonzo, oliver, sam, webkit-bug-importer |
| Priority | P2 | Keywords | InRadar |
| Version | 528+ (Nightly build) | | |
| Hardware | All | | |
| OS | All | | |
| URL | http://www.trusteer.com/temporary-user-tracking-in-major-browsers | | |
Michael Gilbert
Hello,

It has been discovered that all of the major web browsers use a predictable pseudo-random number generator (PRNG). Please see reference [0]. The robust solution is to switch to a provably unpredictable PRNG such as Blum Blum Shub [1,2].

[0] http://www.trusteer.com/temporary-user-tracking-in-major-browsers
[1] Lenore Blum, Manuel Blum, and Michael Shub, "A Simple Unpredictable Pseudo-Random Number Generator," SIAM Journal on Computing, volume 15, pages 364-383, May 1986.
[2] http://rng.doesntexist.org/gmpbbs
Michael Gilbert
This is already publicly disclosed, so there is no reason to restrict access to this report. However, it seems I can't uncheck the box to do that...
Adam Barth
I have unchecked the box for you.
Sam Weinig
This is only a problem on Windows at the moment, where we found the existing cryptographically secure PRNG to be a hefty performance regression on some tests (I believe it was the JS iBench test). Mac OS uses arc4random for all random numbers, which I believe is suitable, and is noted in the paper. I think we should probably just include arc4random in the tree and call it a day.
Michael Gilbert
The paper does not mention WebKit on Linux. What is the status of the PRNG there?
Radar WebKit Bug Importer
<rdar://problem/22839305>
David Kilzer (:ddkilzer)
Dupe:
Bug 41868: [JSC] Math.random is predictable which may lead to cross-domain information leakage and temporary user tracking attacks
*** This bug has been marked as a duplicate of bug 41868 ***