Trivial to fingerprint through V8 if only time was used
Ryan Carboni
33389 at protonmail.com
Tue Sep 17 03:22:45 PDT 2019
V8 uses a linear PRNG. Depending on the precision of the system time fed to it, V8 is vulnerable to the same attacks PHP was regarding a weak seed: it could be derived through a brute-force search or by reversing the outputs.
Given that time stamps in browsers now use reduced precision, it could be argued that, using Math.random, V8 is still vulnerable to Spectre.
Never mind that this bug report was closed as working as intended long ago: https://bugs.chromium.org/p/v8/issues/detail?id=2905
Personally I think a reduced-round cryptographic function in OFB or something similar would be best.
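Added example, not part of the original post and not V8's code: a sketch of why a seed taken only from the clock leaves a small search space, and how that contrasts with a seed that does not come from the clock. The xorshift32 generator is a stand-in linear PRNG (not V8's algorithm), and seedFromTime(), the timestamp, the 10-minute window and the non-clock seed are all assumptions constructed for the demo.

```javascript
// Constructed demo. xorshift32 is a stand-in linear PRNG, not V8's algorithm,
// and seedFromTime() is a hypothetical time-only seeding scheme.
function xorshift32(seed) {
  let s = (seed >>> 0) || 1; // state must be non-zero
  return function next() {
    s ^= s << 13;
    s ^= s >>> 17;
    s ^= s << 5;
    s >>>= 0; // back to unsigned 32-bit
    return s / 0x100000000; // float in [0, 1)
  };
}

function seedFromTime(ms) {
  return ms >>> 0; // low 32 bits of the millisecond clock
}

// Seed entropy (in bits) when the start time is known to within windowMs
// and the clock ticks every precisionMs.
function searchSpaceBits(windowMs, precisionMs) {
  return Math.log2(Math.floor(windowMs / precisionMs) + 1);
}

// Try every clock value the seed could have come from in [fromMs, toMs].
function recoverSeedTime(observed, fromMs, toMs, stepMs) {
  let tried = 0;
  for (let t = fromMs; t <= toMs; t += stepMs) {
    tried++;
    const next = xorshift32(seedFromTime(t));
    if (observed.every((v) => next() === v)) return { t, tried };
  }
  return { t: null, tried };
}

function demo() {
  const startMs = 1568715765123; // constructed timestamp (ms since epoch)
  const half = 5 * 60 * 1000; // start time known only to within +/- 5 minutes
  const timed = xorshift32(seedFromTime(startMs));
  const hit = recoverSeedTime([timed(), timed(), timed()],
                              startMs - half, startMs + half, 1);
  // Same generator, seed not taken from the clock (constructed constant):
  const other = xorshift32(0x9e3779b9);
  const miss = recoverSeedTime([other(), other(), other()],
                               startMs - half, startMs + half, 1);
  return { hit, miss, bits: searchSpaceBits(2 * half, 1) };
}

console.log(demo());
```

The time-derived seed is found after scanning at most 600001 candidates (about 19.2 bits), while the seed that is not tied to the clock is absent from the same window.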