Mozilla would like to expose a secure PRNG (basically, a wrapper around PK11_GenerateRandom) to JavaScript content: https://bugzilla.mozilla.org/show_bug.cgi?id=440046
There is some agreement that we should maintain separate PRNG state for each origin (roughly: domain name), and that all those states should be separate from the PRNG state used internally. PK11_GenerateRandom currently shares the PRNG state across all callers. Does anybody disagree about this separation being necessary? If not, then we (Mozilla) would like to change pk11wrap so that we can control these separate PRNG states. (If this is really important, then eventually this consideration for separate contexts will need to be made for all APIs that use the PRNG that we plan to expose to JavaScript, such as PK11_GenerateKeyPair.)

However, I am not sure if these separate states are really necessary; if they were, then wouldn't it be better to maintain separate states for each SSL connection in libssl too?

There was also some concern raised about preventing unnecessary depletion of entropy, while still providing good randomness to the calling JavaScript code. Suggestions for this would be much appreciated. My current thought is that we should restrict the JavaScript API such that an origin can only acquire a certain (relatively small) quantity of output from the PRNG.

Thanks,
Brian

-- 
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
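To make the two design points in the post concrete (one PRNG state per origin, kept apart from the state the browser uses internally, plus a per-origin cap on how much output an origin may draw), here is an added sketch in Python. It is not NSS, pk11wrap or Mozilla code: a small HMAC-DRBG (SP 800-90A style, HMAC-SHA256, no reseed logic) stands in for the generator behind PK11_GenerateRandom, os.urandom stands in for the NSS entropy source, and the origin strings, the quota size and the class and method names are all assumptions made for the example.

```python
import hashlib
import hmac
import os


class QuotaExceeded(Exception):
    """Raised when an origin asks for more PRNG output than its quota allows."""


class HmacDrbg:
    """Minimal HMAC-DRBG (HMAC-SHA256), no reseed handling.

    Each instance owns its own K/V pair, so two instances never share state:
    output drawn through one cannot be related to output drawn through another.
    (Example code only; this is not the NSS generator.)
    """

    def __init__(self, entropy: bytes, personalization: bytes = b""):
        self.key = b"\x00" * 32
        self.value = b"\x01" * 32
        # Instantiate: fold the seed and the personalization string into K/V.
        self._update(entropy + personalization)

    @staticmethod
    def _mac(key: bytes, data: bytes) -> bytes:
        return hmac.new(key, data, hashlib.sha256).digest()

    def _update(self, provided: bytes) -> None:
        self.key = self._mac(self.key, self.value + b"\x00" + provided)
        self.value = self._mac(self.key, self.value)
        if provided:
            self.key = self._mac(self.key, self.value + b"\x01" + provided)
            self.value = self._mac(self.key, self.value)

    def generate(self, n: int) -> bytes:
        out = b""
        while len(out) < n:
            self.value = self._mac(self.key, self.value)
            out += self.value
        self._update(b"")  # advance K/V after every call (backtracking resistance)
        return out[:n]


class PerOriginRandom:
    """Hands out PRNG output per origin: separate state and a byte quota each."""

    def __init__(self, quota_bytes: int = 4096, entropy_source=os.urandom):
        self._quota = quota_bytes
        self._entropy = entropy_source
        # origin -> (that origin's own DRBG, bytes already handed to it)
        self._origins = {}
        # The generator used "internally" is a separate instance that origin
        # requests never touch (hypothetical stand-in for the shared NSS state).
        self.internal = HmacDrbg(self._entropy(32), b"internal")

    def bytes_remaining(self, origin: str) -> int:
        used = self._origins[origin][1] if origin in self._origins else 0
        return self._quota - used

    def get_random_bytes(self, origin: str, n: int) -> bytes:
        if n < 0:
            raise ValueError("length must be non-negative")
        if n > self.bytes_remaining(origin):
            raise QuotaExceeded(f"{origin} exceeded its {self._quota}-byte quota")
        if origin in self._origins:
            drbg, used = self._origins[origin]
        else:
            # First request from this origin: fresh seed from the entropy source,
            # with the origin as personalization string, so states never coincide.
            drbg, used = HmacDrbg(self._entropy(32), origin.encode()), 0
        out = drbg.generate(n)
        self._origins[origin] = (drbg, used + n)
        return out


if __name__ == "__main__":
    rng = PerOriginRandom(quota_bytes=64)
    print(rng.get_random_bytes("https://a.example", 16).hex())
    print(rng.get_random_bytes("https://b.example", 16).hex())
    print(rng.bytes_remaining("https://a.example"))
```

The quota is deliberately a hard cap rather than a rate limit, matching the post's "relatively small quantity of output" idea; the entropy cost is then bounded to one seed per origin regardless of how many bytes the page requests, since the DRBG expands that seed rather than pulling fresh entropy per call.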