Re: [Lynx-dev] mozilla's take on arc4random
From: Thorsten Glaser
Subject: Re: [Lynx-dev] mozilla's take on arc4random
Date: Tue, 14 Jul 2009 09:29:17 +0000 (UTC)
Michael S Gilbert dixit:
>the mozilla developers are working this predictable PRNG issue, and
>they have indicated that arc4random would not be sufficiently secure
No, it’s simply not needed. For Mozilla, they have their NSS stuff,
which is used by the browser internally, and the javascript random
functions have different requirements. Such functions should not
deliver a constant random stream, but instead use a random seed –
whether this comes from NSS or arc4random is irrelevant – for a
function like an LFSR. (They could expose the NSS (P)RNG, but there
is no language standard for it.)
This is irrelevant for Lynx, as it does not do Javascript.
//mirabilos
--
“It is inappropriate to require that a time represented as
seconds since the Epoch precisely represent the number of
seconds between the referenced time and the Epoch.”
-- IEEE Std 1003.1b-1993 (POSIX) Section B.2.2.2