Isolation of weak pseudo-random generators

Math.random() may be served by a weak pseudo-random number generator without violating the ES5 spec. However, in the absence of any further restriction beyond the ES5 spec, this weakness would raise a security concern: module loaders support the creation of separate global contexts to support isolation, much as browsers already attempt to do with separate frames and workers. If the Math.random() functions of these contexts share an underlying weak pseudo-random number generator, such that code in frame X can guess how many times code in other frames has called Math.random() between two successive calls from frame X, then there is an unnecessary cross-frame information leak compromising this isolation.

One solution would be to require Math.random() to generate cryptographically strong random numbers. However, our need for a good source of randomness for crypto purposes still calls for a better API, so making Math.random() more expensive seems somewhat pointless. Instead, to repair this information leak, the post-ES5 standard will require implementations to:

Decouple the Math.random() random generators per global context (e.g., per browser frame), so that any predictability of numbers emitted within one context provides no information about random state in a different context.
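
The leak and the proposed repair can be modelled with a toy generator. This is an added example, not part of the original strawman or any engine's code; the LCG, the seeds, and the names makeContexts, drawsBetween and observedForeignCalls are assumptions made for illustration.

```javascript
// Toy weak PRNG: a 31-bit LCG whose output exposes its whole state.
// Constructed for illustration; not any real engine's Math.random().
const step = (s) => (Math.imul(s, 1103515245) + 12345) & 0x7fffffff;

function makeGenerator(seed) {
  let state = seed & 0x7fffffff;
  return () => (state = step(state)) / 0x80000000; // value in [0, 1)
}

// A global context (frame) is modelled as an object with its own random().
// Shared mode: every context draws from one generator (the leaky design).
// Decoupled mode: each context gets its own independently seeded generator.
function makeContexts(decoupled) {
  const shared = makeGenerator(2011);
  return {
    frameX: { random: decoupled ? makeGenerator(42) : shared },
    frameY: { random: decoupled ? makeGenerator(1337) : shared },
  };
}

// From two successive outputs seen in one context, count how many draws
// happened in between. Returns null if no match within `limit` steps.
function drawsBetween(a, b, limit = 1000) {
  let s = a * 0x80000000; // exact: outputs are k / 2^31
  const target = b * 0x80000000;
  for (let n = 0; n <= limit; n++) {
    s = step(s);
    if (s === target) return n;
  }
  return null;
}

// Frame X samples, frame Y makes `foreignCalls` draws, frame X samples again.
// The return value is what frame X can infer about frame Y's activity.
function observedForeignCalls(decoupled, foreignCalls) {
  const { frameX, frameY } = makeContexts(decoupled);
  const a = frameX.random();
  for (let i = 0; i < foreignCalls; i++) frameY.random();
  const b = frameX.random();
  return drawsBetween(a, b);
}

console.log("shared generator   :", observedForeignCalls(false, 3));
console.log("decoupled generator:", observedForeignCalls(true, 3));
```

With the shared generator, frame X recovers frame Y's call count exactly; with per-context generators the result is 0 whatever frame Y does, so nothing crosses the context boundary.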


Mozilla bug 322529

Remaining random-er strawman

harmony/random-er.txt · Last modified: 2011/05/29 04:27 by markm