[tor-bugs] #17244 [Tor Browser]: Low entropy PRNG usage in Tor Browser?
Tor Bug Tracker & Wiki
blackhole at torproject.org
Mon Oct 5 23:14:17 UTC 2015
#17244: Low entropy PRNG usage in Tor Browser?
-------------------------+-------------------------------------------------
Reporter: | Owner: tbb-team
arthuredelstein | Status: new
Type: defect | Milestone:
Priority: normal | Version:
Component: Tor | Keywords: tbb-linkability,
Browser | TorBrowserTeam201510
Resolution: | Parent ID:
Actual Points: | Sponsor:
Points: |
-------------------------+-------------------------------------------------
Comment (by arthuredelstein):
For `Math.random()`, it appears a separate PRNG state is initialized for
each JS context. So, unless I am missing something, it appears that
separate sites cannot be linked through PRNG state.
However, the `Math.random()` state is initialized with the local time in
microseconds, which is very low entropy.
[https://media.blackhat.com/us-13/US-13-Soeder-Black-Box-Assessment-of-
Pseudorandom-Algorithms-WP.pdf Soeder et al] showed that it is possible to
run the PRNG in reverse (see section 4.2.2). So it should be relatively
easy to extract the local time from `Math.random()`. If we want to hide
the local clock offset, it will be necessary to change `Math.random()` to
a high-entropy (non clock-based) source.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/17244#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list