Bug#532514: predictable random number generator used in web browsers
Michael S. Gilbert
michael.s.gilbert at gmail.com
Tue Jun 9 19:16:45 UTC 2009

package: webkit
severity: serious
tags: security

hello,

it has been discovered that all of the major web browsers use a
predictable pseudo-random number generator (PRNG). please see
reference [0]. the robust solution is to switch to a provably
unpredictable PRNG such as Blum Blum Shub [1,2].

[0] http://www.trusteer.com/temporary-user-tracking-in-major-browsers
[1] Lenore Blum, Manuel Blum, and Michael Shub, "A Simple Unpredictable
Pseudo-Random Number Generator," SIAM Journal on Computing, volume 15,
pages 364-383, May 1986.
[2] http://rng.doesntexist.org/gmpbbs
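
A sketch of the Blum Blum Shub construction cited in [1], added here as an illustration; it is not code from this bug report, from WebKit, or from the gmpbbs project in [2]. The class and function names and the default 1024-bit prime size are assumptions; the generator is only unpredictable while p, q and the seed stay secret.

```python
import math
import secrets

def is_probable_prime(n, rounds=40):  # Miller-Rabin with random bases
    if n < 17 or n % 2 == 0:
        return n in (2, 3, 5, 7, 11, 13)
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)  # random base in [2, n-2]
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False  # this base is a witness: n is composite
    return True

def blum_prime(bits):  # random prime of this bit length, congruent to 3 mod 4
    while True:
        p = secrets.randbits(bits) | (1 << (bits - 1)) | 3
        if is_probable_prime(p):
            return p

class BlumBlumShub:
    def __init__(self, p, q, seed):
        ok = p != q and p % 4 == q % 4 == 3 and is_probable_prime(p) and is_probable_prime(q)
        if not ok:
            raise ValueError("p and q must be distinct primes congruent to 3 mod 4")
        self.n, self.state = p * q, seed % (p * q)
        if self.state in (0, 1, self.n - 1) or math.gcd(self.state, self.n) != 1:
            raise ValueError("seed must be coprime to n and not 0 or +/-1 mod n")

    def bits(self, count):  # x <- x^2 mod n, emit the least significant bit
        out = []
        for _ in range(count):
            self.state = pow(self.state, 2, self.n)
            out.append(self.state & 1)
        return out

def new_generator(prime_bits=1024):  # secret p, q and seed from the OS CSPRNG
    while True:
        p, q = blum_prime(prime_bits), blum_prime(prime_bits)
        try:
            return BlumBlumShub(p, q, secrets.randbelow(p * q))
        except ValueError:
            pass  # rare p == q or unusable seed: draw again
```

Toy parameters such as p = 11, q = 23 are useful only for checking the arithmetic by hand; they provide no security.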