[cryptography] Weak random data XOR good enough random data = better random data?

Aaron Toponce aaron.toponce at gmail.com
Thu Sep 4 09:46:15 EDT 2014


On Mon, Jul 28, 2014 at 06:23:12PM +0200, Lodewijk andré de la porte wrote:
> I'm working on some Javascript client side crypto. There's a cryptographic
> quality random generator present in modern browsers, but not in older ones.
> I also don't trust browsers' random generators' quality.
> 
> I'd like to ship a few KB (enough) of random data and XOR it with whatever
> the best-available RNG comes up with. That way the user can still verify
> that I didn't mess with the randomness, no MITM attacks can mess with the
> randomness, but given a good transport layer I can still supplement usually
> bad randomness.

There are a couple things that you can do for older browsers that don't support
crypto.getRandomValues():

    1. You can build your own CSPRNG using either Blum Blum Shub or Blum
       Micali. In both cases, the CSPRNG is slow, and you'll need to rely on a
       bigint.js library for the primes, but if all you need is a few KB of
       random data, this will suffice. I've built BBS in Javascript, adhering
       to all the rules, and it performs "good enough", and the security lies
       in the hard factoring problem.
    2. You can checkout isaac.js at https://github.com/rubycon/isaac.js. ISAAC
       is a CSPRNG written by Rober Jenkins in 1996, and based on RC4. It is
       fast and secure.

-- 
. o .   o . o   . . o   o . .   . o .
. . o   . o o   o . o   . o o   . . o
o o o   . o .   . o o   o o .   o o o
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 502 bytes
Desc: not available
URL: <http://lists.randombit.net/pipermail/cryptography/attachments/20140904/2479ff2f/attachment.asc>


More information about the cryptography mailing list