Re: [Lynx-dev] predictable PRNG used
From: David Woolley
Subject: Re: [Lynx-dev] predictable PRNG used
Date: Sun, 05 Jul 2009 22:11:20 +0100
User-agent: Thunderbird 2.0.0.22 (X11/20090605)

Thorsten Glaser wrote:
> But back to improvements - are the OpenSSL and *shudder* GnuTLS
> RAND_* functions self-seeding on GNU/Linux? They could be used

If I understood the issue correctly, truly random seeding makes the
information exposure greater, because it makes it much more likely that
different browser sessions are in completely different places in the
pseudo random sequence.
Whilst I would consider the number of organisations that go man in the
middle for 3D Secure a much more real risk to security, the two
approaches to this issue are either to make the random numbers
cryptographically strong, which is not generally a requirement for
random() type functions, or to make the delimiters deterministic.
There is no need for randomness in the delimiters. The only reason for
making them random is so that if one submission fails because a
delimiter clashes with content, the next attempt for the same data
should not. The problem with this is that you have to prescan the
content, possibly multiple times, to search for a safe delimiter. Of
course, a 100% reliable random delimiter implementation has to be
prepared to retry with a different delimiter, although I suspect this
isn't actually done.
A cryptographically secure random number is one where either every one
is truly random, or it is computationally infeasible to determine the
internal state of the random number generator.

> if Lynx is built with SSL support anyway and arc4random is not
> available. (I'd prefer arc4random though...)

--
David Woolley
Emails are not formal business letters, whatever businesses may want.
RFC1855 says there should be an address here, but, in a world of spam,
that is no longer good advice, as archive address hiding may not work.
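
Added example, not part of the original message and not Lynx's code: a sketch of the deterministic-delimiter approach the message describes, which prescans the content and retries with the next candidate on a clash, using no random numbers. The `LYNXPART` prefix, the function names and the sample fields are hypothetical and constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Return 1 if needle (nlen bytes) occurs anywhere in hay (hlen bytes). */
static int contains(const char *hay, size_t hlen, const char *needle, size_t nlen)
{
    size_t i;
    for (i = 0; nlen > 0 && i + nlen <= hlen; i++)
        if (memcmp(hay + i, needle, nlen) == 0)
            return 1;
    return 0;
}

/* Try "LYNXPART0", "LYNXPART1", ... (a made-up prefix), prescanning every
 * part for each candidate, until one is absent from the content.
 * Returns how many candidates were rejected, or -1 on failure. */
int pick_boundary(const char *const parts[], const size_t lens[],
                  size_t nparts, char *out, size_t outsz)
{
    unsigned int attempt;
    for (attempt = 0; attempt < 100000u; attempt++) {
        size_t p;
        int clash = 0;
        int n = snprintf(out, outsz, "LYNXPART%u", attempt);
        if (n < 0 || (size_t)n >= outsz)
            return -1;              /* candidate does not fit the buffer */
        for (p = 0; p < nparts && !clash; p++)
            clash = contains(parts[p], lens[p], out, (size_t)n);
        if (!clash)
            return (int)attempt;    /* safe delimiter found */
    }
    return -1;
}

/* Constructed sample: the second field already contains the first two candidates. */
int demo(char *out, size_t outsz)
{
    static const char *const parts[] = {
        "user=alice", "notes: LYNXPART0 and LYNXPART1 appear here" };
    size_t lens[2] = { strlen(parts[0]), strlen(parts[1]) };
    return pick_boundary(parts, lens, 2, out, outsz);
}

int main(void)
{
    char b[32];
    printf("rejected=%d boundary=%s\n", demo(b, sizeof b), b);
    return 0;
}
```

The substring check is deliberately conservative: content containing `LYNXPART10` also rejects `LYNXPART1`, which costs an extra pass but never yields an unsafe delimiter.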