#17244: Low entropy PRNG usage in Tor Browser?
-------------------------+-------------------------------------------------
Reporter: | Owner: tbb-team
arthuredelstein | Status: new
Type: defect | Milestone:
Priority: normal | Version:
Component: Tor | Keywords: tbb-linkability,
Browser | TorBrowserTeam201510
Resolution: | Parent ID:
Actual Points: | Sponsor:
Points: |
-------------------------+-------------------------------------------------
Comment (by arthuredelstein):
Replying to [comment:3 yawning]:
> https://bugzilla.mozilla.org/show_bug.cgi?id=322529 has a long rambling
discussion on this, and no patch.
>
> To alleviate tracking concerns the seed needs to be changed. To make
the world a better place, the algorithm could be replaced with something
sensible as well (Just replacing the algorithm is insufficient to prevent
the bad guys from making an educated guess about the clock, even if the
algorithm has backtracking resistance).
Thanks for making this point and for the link. One possibility would be to
use the `'@mozilla.org/security/random-generator;1'` (which is used to
implement `window.crypto.getRandomValues()`), either as the seed alone or
to replace both the seed and the algorithm. I don't know what the
downsides might be -- perhaps there might be a performance penalty.
It's interesting to see that Mozilla attempted to prevent cross-site
tracking when they decided to re-seed the PRNG for each JS context in this
bug: https://bugzilla.mozilla.org/show_bug.cgi?id=475585
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/17244#comment:4>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs