List: oss-security
Subject: [oss-security] Predictable Math.random() in browsers
From: Florian Weimer <fw () deneb ! enyo ! de>
Date: 2009-06-09 11:11:35
Message-ID: 87y6s1d5lk.fsf () mid ! deneb ! enyo ! de
<http://www.trusteer.com/temporary-user-tracking-in-major-browsers>
describes what essentially is a weakness in Math.random()---it's
predictable and its state is shared across domains.

Contrary to the report, I'm more worried about the general
consequences of weak random numbers. Browsers should probably use a
stronger PRNG which doesn't leak its state, so that the shared state
doesn't matter.
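
Added example, not part of the original message: a Node.js sketch of why a generator that leaks its state makes sharing it across origins a problem, and why a hidden-state generator does not. Both generators, their constants and all function names are constructed for illustration and are not any browser's actual `Math.random()` implementation.

```javascript
// Added illustration. Neither generator is any browser's real Math.random().
const { createHmac, randomBytes } = require('node:crypto');

// Constructed "leaky" generator: a 32-bit LCG whose output is its entire state.
const step = (s) => (Math.imul(s, 1664525) + 1013904223) >>> 0;
function makeLeakyGenerator(seed) {
  let state = seed >>> 0;
  return () => (state = step(state));
}

// Constructed hidden-state generator: each output is a truncated HMAC of a
// counter under a secret key, so an output reveals neither the key nor the
// next value.
function makeHiddenStateGenerator(key = randomBytes(32)) {
  let counter = 0;
  return () =>
    createHmac('sha256', key).update(String(counter++)).digest().readUInt32BE(0);
}

// Two origins share one generator, as the report describes for Math.random().
// Origin B draws once, then origin A draws. Returns true when B's value alone
// is enough to compute A's value with the public LCG step.
function sharedStateExposesNextDraw(gen) {
  const drawnByOriginB = gen();
  const drawnByOriginA = gen();
  return step(drawnByOriginB) === drawnByOriginA;
}

console.log('leaky generator exposes next draw:',
  sharedStateExposesNextDraw(makeLeakyGenerator(20090609)));
console.log('hidden-state generator exposes next draw:',
  sharedStateExposesNextDraw(makeHiddenStateGenerator()));
```

In page script, values that must be unpredictable should come from `crypto.getRandomValues()` rather than `Math.random()`.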