Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [day] [month] [year] [list]
Date: Tue, 09 Jun 2009 13:11:35 +0200
From: Florian Weimer <>
Subject: Predictable Math.random() in browsers

describes what essentially is a weakness in Math.random()---it's
predictable and its state is shared across domains.

Contrary to the report, I'm more worried about the general
consequences of weak random numbers.  Browsers should probably use a
stronger PRNG which doesn't leak its state, so that the shared state
doesn't matter.

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.