Re: [tor-bugs] #17244 [Tor Browser]: Low entropy PRNG usage in Tor Browser?

["Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>]

#17244: Low entropy PRNG usage in Tor Browser?
-------------------------+-------------------------------------------------
     Reporter:           |      Owner:  tbb-team
  arthuredelstein        |     Status:  new
         Type:  defect   |  Milestone:
     Priority:  normal   |    Version:
    Component:  Tor      |   Keywords:  tbb-linkability,
  Browser                |  TorBrowserTeam201510
   Resolution:           |  Parent ID:
Actual Points:           |    Sponsor:
       Points:           |
-------------------------+-------------------------------------------------

Comment (by arthuredelstein):

 For `Math.random()`, it appears a separate PRNG state is initialized for
 each JS context. So, unless I am missing something, it appears that
 separate sites cannot be linked through PRNG state.

 However, the `Math.random()` state is initialized with the local time in
 microseconds, which is very low entropy.
 [https://media.blackhat.com/us-13/US-13-Soeder-Black-Box-Assessment-of-
 Pseudorandom-Algorithms-WP.pdf Soeder et al] showed that it is possible to
 run the PRNG in reverse (see section 4.2.2). So it should be relatively
 easy to extract the local time from `Math.random()`. If we want to hide
 the local clock offset, it will be necessary to change `Math.random()` to
 a high-entropy (non clock-based) source.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/17244#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs