oss-sec mailing list archives
Predictable Math.random() in browsers
From: Florian Weimer <fw () deneb enyo de>
Date: Tue, 09 Jun 2009 13:11:35 +0200
<http://www.trusteer.com/temporary-user-tracking-in-major-browsers> describes what essentially is a weakness in Math.random()---it's predictable and its state is shared across domains. Contrary to the report, I'm more worried about the general consequences of weak random numbers. Browsers should probably use a stronger PRNG which doesn't leak its state, so that the shared state doesn't matter.
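The following is an added example, not part of the original post: for page scripts that need unpredictable values today, one option is to draw them from the Web Crypto API's `crypto.getRandomValues()` rather than `Math.random()`. The names `secureRandomInt`, `secureToken` and `BASE62` are hypothetical helpers introduced for illustration.

```javascript
// Added example: take security-sensitive values from the platform CSPRNG
// instead of Math.random(). All helper names here are hypothetical.
// Browsers and recent Node.js expose Web Crypto as globalThis.crypto;
// the require() fallback is only evaluated on older Node.js (CommonJS).
const rng = globalThis.crypto ?? require('node:crypto').webcrypto;

// Uniform integer in [0, bound) by rejection sampling, so that no value is
// favoured by modulo bias. bound must be an integer in 1..2^32.
function secureRandomInt(bound) {
  if (!Number.isInteger(bound) || bound < 1 || bound > 0x100000000) {
    throw new RangeError('bound must be an integer in 1..2^32');
  }
  // Largest multiple of bound that fits in 32 bits. Draws at or above it
  // are discarded and retried instead of being folded back with %.
  const limit = Math.floor(0x100000000 / bound) * bound;
  const buf = new Uint32Array(1);
  do {
    rng.getRandomValues(buf);
  } while (buf[0] >= limit);
  return buf[0] % bound;
}

const BASE62 =
  '0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';

// Token of `length` characters from `alphabet`, suitable where the value
// must not be guessable (session or CSRF identifiers, nonces).
function secureToken(length, alphabet = BASE62) {
  if (!Number.isInteger(length) || length < 1) {
    throw new RangeError('length must be a positive integer');
  }
  let out = '';
  for (let i = 0; i < length; i++) {
    out += alphabet[secureRandomInt(alphabet.length)];
  }
  return out;
}
```

Each call reads fresh bytes from the operating system's generator, so the script holds no seed or internal state of its own that another page could observe or reconstruct.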