Date: Tue, 09 Jun 2009 13:11:35 +0200 From: Florian Weimer <fw@...eb.enyo.de> To: oss-security@...ts.openwall.com Subject: Predictable Math.random() in browsers <http://www.trusteer.com/temporary-user-tracking-in-major-browsers> describes what essentially is a weakness in Math.random()---it's predictable and its state is shared across domains. Contrary to the report, I'm more worried about the general consequences of weak random numbers. Browsers should probably use a stronger PRNG which doesn't leak its state, so that the shared state doesn't matter.
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.