198971 – predictable random number generator used in web browsers

Bug 198971 - predictable random number generator used in web browsers

Summary: predictable random number generator used in web browsers

Status:	CONFIRMED

Alias:	None

Product:	konqueror
Classification:	Applications
Component:	general (show other bugs)
Version:	4.2.4
Platform:	Debian testing Linux

Importance:	NOR wishlist
Target Milestone:	---
Assignee:	Konqueror Developers

URL:
Keywords:

Depends on:
Blocks:

Reported:	2009-07-05 04:32 UTC by Michael Gilbert
Modified:	2011-06-05 17:40 UTC (History)
CC List:	1 user (show)

See Also:
Latest Commit:
Version Fixed In:
Sentry Crash Report:

Attachments
Add an attachment

Note You need to log in before you can comment on or make changes to this bug.

Description Michael Gilbert 2009-07-05 04:32:06 UTC

Version:            (using KDE 4.2.4)
OS:                Linux
Installed from:    Debian testing/unstable Packages

hello,

it has been discovered that all of the major web browsers use a
predictable pseudo-random number generator (PRNG).  please see
reference [0]. the robust solution is to switch to a provably
unpredictable PRNG such as Blum Blum Shub [1,2].

[0] http://www.trusteer.com/temporary-user-tracking-in-major-browsers
[1] Lenore Blum, Manual Blum, and Michael Shub, "A Simple Unpredictable
Pseudo-Random Number Generator," SIAM Journal on Computing, volume 15,
pages 364-383, May 1986.
[2] http://rng.doesntexist.org/gmpbbs