randomBytes is not random enough (crypto-js, closed)

brix commented on August 27, 2024
randomBytes is not random enough

from crypto-js.

Comments (5)

commented on August 27, 2024

This repository provides just the latest version as a modularized port of the https://code.google.com/p/crypto-js/ project.

You should report this issue directly to this project.

The project owner is Jeff.Mott.OR. I also found a GitHub user @Jeff-Mott-OR, but I'm not sure whether he is the same guy. 6 months ago he did some activity on his repository CryptoJS, but this repository doesn't exist anymore.

19h commented on August 27, 2024

@daviddahl you can implement more sophisticated entropy, randomized seeds. JavaScript wasn't designed for cryptography, so you'd have to implement a stronger generator. For instance, try seeding a curve-based generator and re-seed it per round, then fall back, switch to another generator, etc. It gets better with more entropy.

Here's a custom generator using Donald Knuth's linear congruential pseudo-random number generator (described in Art of Computer Programming - Volume 2: Seminumerical Algorithms, section 3.2.1):

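    // Returns nBytes of output as a WordArray of 32-bit words.
    random: function (nBytes) {
        var words = [];

        // r(seed) builds a generator closure: m_w is seeded by the caller,
        // m_z always starts at the same fixed constant.
        var r = (function (m_w) {
            var m_w = m_w;
            var m_z = 0x3ade68b1;
            var mask = 0xffffffff;

            return function () {
                // Advance both 16-bit recurrences and combine them into one 32-bit value.
                m_z = (0x9069 * (m_z & 0xFFFF) + (m_z >> 0x10)) & mask;
                m_w = (0x4650 * (m_w & 0xFFFF) + (m_w >> 0x10)) & mask;
                var result = ((m_z << 0x10) + m_w) & mask;
                // Scale to [0, 1); the sign is then chosen by Math.random().
                result /= 0x100000000;
                result += 0.5;
                return result * (Math.random() > .5 ? 1 : -1);
            }
        });

        // Each 4-byte word uses a fresh generator, seeded from the previous
        // round's rcache, or from Math.random() when rcache is unset.
        for (var i = 0, rcache; i < nBytes; i += 4) {
            var _r = r((rcache || Math.random()) * 0x100000000);

            rcache = _r() * 0x3ade67b7;
            words.push((_r() * 0x100000000) | 0);
        }

        return new WordArray.init(words, nBytes);
    }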

I added the rcache to seed the next round independently from the current round; it's still predictable if you control all parameters and have physical access to the engine's own seed. AFAIK in Chrome a new seed is generated each time a window is opened; this is different in ES6, where a new seed is generated per call. Needs reference.

commented on August 27, 2024

Please create a pull request with your fix on the develop branch.

Is there somebody up to review it?

commented on August 27, 2024

Done in 3.2.1-4, special thanks to @KenanSulayman

andidev commented on August 27, 2024

@KenanSulayman
Is 'CryptoJS.lib.WordArray.random' as secure as using the browser's built-in 'window.crypto.getRandomValues' function?
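
As an added example (not code from crypto-js or from any commenter), the sketch below runs the generator posted in this thread with its `Math.random()` calls routed through a parameter, showing that identical draws give identical output words, and sets beside it a version that takes its words from the platform CSPRNG. The names `legacyWords`, `replay`, `secureWords` and `legacyIsReproducible` and the replayed values are constructed for this illustration; Node.js or a browser with Web Crypto is assumed.

```javascript
// Web Crypto handle: global in browsers and recent Node.js, else Node's crypto module.
var webcrypto = globalThis.crypto || require('crypto').webcrypto;

// The generator from the comment above, unchanged except that every
// Math.random() call goes through the `rand` parameter (added for this example).
function legacyWords(nBytes, rand) {
    var words = [];
    var r = function (m_w) {
        var m_z = 0x3ade68b1;
        var mask = 0xffffffff;
        return function () {
            m_z = (0x9069 * (m_z & 0xFFFF) + (m_z >> 0x10)) & mask;
            m_w = (0x4650 * (m_w & 0xFFFF) + (m_w >> 0x10)) & mask;
            var result = ((m_z << 0x10) + m_w) & mask;
            result /= 0x100000000;
            result += 0.5;
            return result * (rand() > .5 ? 1 : -1);
        };
    };
    for (var i = 0, rcache; i < nBytes; i += 4) {
        var _r = r((rcache || rand()) * 0x100000000);
        rcache = _r() * 0x3ade67b7;
        words.push((_r() * 0x100000000) | 0);
    }
    return words;
}

// Constructed stand-in for Math.random(): replays a fixed list of draws.
function replay(values) {
    var i = 0;
    return function () { return values[i++ % values.length]; };
}

// Same word format, but every bit comes from the platform CSPRNG.
function secureWords(nBytes) {
    var buf = new Uint32Array(Math.ceil(nBytes / 4));
    // getRandomValues() rejects requests above 65536 bytes, so fill in chunks.
    for (var off = 0; off < buf.length; off += 16384) {
        webcrypto.getRandomValues(buf.subarray(off, off + 16384));
    }
    return Array.from(buf, function (w) { return w | 0; }); // signed, like `| 0` above
}

// Identical Math.random() draws reproduce the legacy output word for word.
function legacyIsReproducible() {
    var draws = [0.123, 0.9, 0.4, 0.77, 0.05, 0.61]; // constructed values
    return legacyWords(16, replay(draws)).join() === legacyWords(16, replay(draws)).join();
}
```

The legacy output is a pure function of the `Math.random()` draws, so it carries no more unpredictability than that source, which is not specified to be cryptographically secure.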
