Bug 198971

Summary: predictable random number generator used in web browsers
Product: [Applications] konqueror
Component: general
Status: CONFIRMED ---
Severity: wishlist
Priority: NOR
Version: 4.2.4
Target Milestone: ---
Platform: Debian testing
OS: Linux
Reporter: Michael Gilbert <michael.s.gilbert>
Assignee: Konqueror Developers <konq-bugs>
CC: kollix
Latest Commit:
Version Fixed In:
Sentry Crash Report:

Description Michael Gilbert 2009-07-05 04:32:06 UTC
Version:            (using KDE 4.2.4)
OS:                Linux
Installed from:    Debian testing/unstable Packages

hello,

it has been discovered that all of the major web browsers use a
predictable pseudo-random number generator (PRNG).  please see
reference [0]. the robust solution is to switch to a provably
unpredictable PRNG such as Blum Blum Shub [1,2].

[0] http://www.trusteer.com/temporary-user-tracking-in-major-browsers
[1] Lenore Blum, Manuel Blum, and Michael Shub, "A Simple Unpredictable
Pseudo-Random Number Generator," SIAM Journal on Computing, volume 15,
pages 364-383, May 1986.
[2] http://rng.doesntexist.org/gmpbbs
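
Added example (not part of the original report, and not Konqueror or gmpbbs code): a minimal Blum Blum Shub generator as described in [1], next to a textbook linear congruential step whose output is its entire state. The primes 11 and 23, the seed 3 and the LCG constants are constructed toy values chosen so the output can be checked by hand.

```python
import math
import secrets

# Textbook LCG constants (illustrative; not taken from any browser).
LCG_A, LCG_C, LCG_M = 1103515245, 12345, 2**31

def lcg_next(state):
    """A linear congruential step whose output is its whole state."""
    return (LCG_A * state + LCG_C) % LCG_M

def is_blum_prime(p):
    """Prime and congruent to 3 mod 4. Trial division: toy sizes only."""
    if p < 3 or p % 4 != 3:
        return False
    return all(p % d for d in range(3, math.isqrt(p) + 1, 2))

class BlumBlumShub:
    """x_{n+1} = x_n^2 mod M with M = p*q; one low bit is output per step."""

    def __init__(self, p, q, seed):
        if p == q or not (is_blum_prime(p) and is_blum_prime(q)):
            raise ValueError("p and q must be distinct primes = 3 (mod 4)")
        self.m = p * q
        if seed % self.m in (0, 1, self.m - 1) or math.gcd(seed, self.m) != 1:
            raise ValueError("seed must be coprime to M and not 0 or +-1")
        self.state = pow(seed, 2, self.m)  # x_0

    def next_bit(self):
        self.state = pow(self.state, 2, self.m)
        return self.state & 1  # only the least significant bit leaves

    def next_int(self, bits):
        value = 0
        for _ in range(bits):
            value = (value << 1) | self.next_bit()
        return value

def random_seed(m):
    """Draw a usable seed from the OS CSPRNG."""
    while True:
        s = secrets.randbelow(m - 3) + 2  # range 2 .. m-2
        if math.gcd(s, m) == 1:
            return s

if __name__ == "__main__":
    seen = lcg_next(2009)  # one observed LCG output...
    print("observer predicts:", lcg_next(seen))  # ...yields every later one
    gen = BlumBlumShub(11, 23, 3)  # constructed toy parameters, M = 253
    print("BBS bits:", [gen.next_bit() for _ in range(8)])
```

The unpredictability argument in [1] rests on the difficulty of factoring M, so a real deployment needs large secret primes and a seed from the operating system's CSPRNG; the toy modulus 253 here offers no security.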