[cryptography] Weak random data XOR good enough random data = better random data?

Tom Ritter tom at ritter.vg
Thu Sep 4 19:14:27 EDT 2014


On 4 September 2014 08:46, Aaron Toponce <aaron.toponce at gmail.com> wrote:
> There are a couple things that you can do for older browsers that don't support
> crypto.getRandomValues():
>
>     1. You can build your own CSPRNG using either Blum Blum Shub or Blum
>        Micali. In both cases, the CSPRNG is slow, and you'll need to rely on a
>        bigint.js library for the primes, but if all you need is a few KB of
>        random data, this will suffice. I've built BBS in Javascript, adhering
>        to all the rules, and it performs "good enough", and the security lies
>        in the hard factoring problem.
>     2. You can check out isaac.js at https://github.com/rubycon/isaac.js. ISAAC
>        is a CSPRNG written by Robert Jenkins in 1996, and based on RC4. It is
>        fast and secure.

Turtles.

The second one of these appears to seed itself, if you do not, using
Math.random(): https://github.com/rubycon/isaac.js/blob/master/isaac.js#L103

In the first, how do you seed it?

In both cases, if I can enumerate all possible seeds in 2^40 and
iterate your CSPRNG, I can recreate your random stream.  You need to
seed these algorithms with a seed that is from a secure random number
generator.

-tom

