I am writing some code that shall run in a browser, which uses Javascript random function(s) for key generation.
Now reading in several forums that this is considered to be not secure, due to bad random number generation.
Now, what if I only create one key pair per browser/computer. So, having a distributed scenario where there is actually no sequence of random numbers per browser. Will this fundamentally change the problematic situation? Thanks for your thoughts.
Yes it matters. If an attacker generates random numbers at the same time as a genuine user, they can predict what is generated and retrieve they key. Even if the clocks aren't fully synchronised, an attacker could generate a range around the UNIX timestamp when the key was known to have been generated and then try each one in turn.
Solution: Use window.crypto to generate a secure random number using the crypto library.
The Crypto interface represents basic cryptography features available
in the current context. It allows access to a cryptographically strong
random number generator and to cryptographic primitives.
Random numbers are generated in Javascript by the amount of milliseconds since 1st of January 1970(UNIX Timestamp). Then Javascript just takes the first few values and that is your random number. i.e.
Math.floor((Math.random() * 10) + 1);
Makes a random number between 1 and 10.
Related
I'm trying to include a field in Mongodb document called myId. I am using shortid. I am wondering, in case of big data, like millions of documents in a collections:
What's the guarantee that the shortid will be always unique and never ever be repeated for any other document?
What keeps a track of the generated ids?
What are the chances of the id been repeated?
What's the guarantee that the shortid will be always unique and never ever be repeated for any other document
to cut a long story short: these shortids are pretty much just "hashed" timestamps. Not unix timestamps, their own breed, but non the less not much more than timestamps.
All that bling with Random is pretty much that, just bling.
As long as all these shortids are generated on the same computer (a single thread) with the same seed, collisions are impossible.
What keeps a track of the generated ids?
A counter that gets incremented when a you request ids to fast, so that the same timestamp is hit. This counter is reset to 0 as soon as a new timestamp is reached.
There's nothing significant, that is really random in there.
What are the chances of the id been repeated?
during usage, little to non existant.
As far as I can tell, the only two things that may lead to a collision are
changing the seed for the prng (leads to a new alphabet, so that newer dates may be encoded to ids that already have been generated with a different seed; although not very likely, but possible)
generating ids on multiple threads/machines because the counter is not synced.
Summary: I'd nag about pretty much everything in that code, but even as it is, it does the job, reliable. And I've told you the limitations.
Shortid generates a random 64 bit id. This is done in multiple step, but the base of it is this pseudo-random function:
function getNextValue() {
seed = (seed * 9301 + 49297) % 233280;
return seed/(233280.0);
}
To generate the same id twice, this function has to return the same exact values in the same exact order in the same exact second. This is very rare, but can happen if they reset the timer (based on the comments, they do, but it's still rare).
I am interested in finding out which seeds are used for native random number generators in common languages. Primarily, it's Javascript, Objective C, Swift and Java.
If you want to generate unique ids in distributed systems, you want to minimise the risk of collision. One strategy is to use a UNIX timestamp concatenated with a random number. However, if UNIX timestamp is also used as the sole seed for the random number generator, there is no point in adding a random number to the timestamp. If two units calculated an id at the same time using the same pseudo-random generator, they would then return the same random number as well. Using a hardware-specific id as part of the seed would be a good strategy, I think. But how is it actually implemented already in these languages?
This is a platform/framework question, not a language question.
I would suggest generating a UUID on all platforms. UUIDs are designed to be completely unique. iOS/Mac OS has NSUUID. I don't know about the other platforms.
It seems django, or the sqlite database, is storing datetimes with microsecond precision. However when passing a time to javascript the Date object only supports milliseconds:
var stringFromDjango = "2015-08-01 01:24:58.520124+10:00";
var time = new Date(stringFromDjango);
$('#time_field').val(time.toISOString()); //"2015-07-31T15:24:58.520Z"
Note the 58.520124 is now 58.520.
This becomes an issue when, for example, I want to create a queryset for all objects with a datetime less than or equal to the time of an existing object (i.e. MyModel.objects.filter(time__lte=javascript_datetime)). By truncating the microseconds the object no longer appears in the list as the time is not equal.
How can I work around this? Is there a datetime javascript object that supports microsecond accuracy? Can I truncate times in the database to milliseconds (I'm pretty much using auto_now_add everywhere) or ask that the query be performed with reduced accuracy?
How can I work around this?
TL;DR: Store less precision, either by:
Coaxing your DB platform to store only miliseconds and discard any additional precision (difficult on SQLite, I think)
Only ever inserting values with the precision you want (difficult to ensure you've covered all cases)
Is there a datetime javascript object that supports microsecond accuracy?
If you encode your dates as Strings or Numbers you can add however much accuracy you'd like. There are other options (some discussed in this thread). Unless you actually want this accuracy though, it's probably not the best approach.
Can I truncate times in the database to milliseconds..
Yes, but because you're on SQLite it's a bit weird. SQLite doesn't really have dates; you're actually storing the values in either a text, real or integer field. These underlying storage classes dictate the precision and range of the values you can store. There's a decent write up of the differences here.
You could, for example, change your underlying storage class to integer. This would truncate dates stored in that field to a precision of 1 second. When performing your queries from JS, you could likewise truncate your dates using the Date.prototype.setMilliseconds() function. Eg..
MyModel.objects.filter(time__lte = javascript_datetime.setMilliseconds(0))
A more feature complete DB platform would handle it better. For example in PostgreSQL you can specify the precision stored more exactly. This will add a timestamp column with precision down to miliseconds (matching that of Javascript)..
alter table "my_table" add "my_timestamp" timestamp (3) with time zone
MySQL will let you do the same thing.
.. or ask that the query be performed with reduced accuracy?
Yeah but this is usually the wrong approach.
If the criteria you're filtering by is to precise then you're ok; you can truncate the value then filter (like in the ..setMilliseconds() example above). But if the values in the DB you're checking against are too precise you're going to have a Bad Time.
You could write a query such that the stored values are formatted or truncated to reduce their precision before being compared to your criteria but that operation is going to need to be performed for every value stored. This could be millions of values. What's more, because you're generating the values dynamically, you've just circumvented any indexes created against the stored values.
Is it possible to produce multiple intermediate SHA-256 values that could somehow be combined at a later time to produce the same SHA-256 that would be produced from a single hashing computation?
In other words, if I hash a 4GB .ISO image file for a SHA-256 value one day, could I produce the same single SHA-256 by splitting the file into, lets say 10 sections, producing an intermediate SHA-256 for each section, and then at a later time, produce the final SHA-256 using "only" the intermediate SHA-256 values?
I realise there is probably no way to produce 10 intermediate SHA-256 values from 1 final SHA-256 value but I thought it might be possible to hash a file in chunks and combine those 10 intermediate SHA-256 values at a later time without needing the actual data at the same time.
If this is possible, how would I produce the final SHA-256 from the intermediate SHA-256 values in C# and/or JavaScript?
Edit: I want to take away the requirement of the intermediate values being SHA-256 values.
I don't care what they are as long as I can produce a final SHA-256 at a later time using "only" the multiple intermediate values and no data. And have it be the exact same SHA-256 that I would have gotten doing it all at once on the 4GB(arbitrary size) file.
I'm thinking of something like a voucher system where the conductor asks to see your train ticket and you have some person step up in your place and say, "I've already checked this guy out, you don't need to, I will verify his integrity".
A hashing algorithm produces a unique hash for every input data. Any combination of the intermediate hashes is still different from your ISO file, thus producing a different hash than if you would hash the file directly.
If you drop the requirement that the hash produced from the file must be the same as the final hash produced from the intermediates, you can still use the later approach in my opinion since the combination of 10 hashes should still be unique in and of itself, giving a unique final hash for each input file.
The scheme could look something like that:
In JavaScript, is it possible to generate a random number from another number?
I'm trying to implement a predictable random number generator for one of my fractal terrain generators. I already know that it's possible to generate a random number using Math.random(), but I want to create a random number generator that produces exactly one output for every input. (For example, predictableRandomGenerator(1) would always produce the same result, which would not necessarily be the same as the input.)
So is it possible to generate a random number from another number, where the output is always the same for each input?
You can use a checksum generator such as MD5 or SHA-1 to generate a single pseudo-random output for every input. SHA-1 will generate a random number from each string that is entered as input, and each output will produce exactly one input. (It's likely that any other checksum generator would be suitable for thus purpose as well, since checksum generators produce exactly one output for each input that is entered).
Yes, it is possible. However you'll need to write your own pseudo-random number generator.
See, computers can't really generate random numbers. However you can use an algorithm which creates a sequence of numbers which appears to be random.
This algorithm is usually given a seed and each seed leads to a different sequence of random numbers generated by the algorithm.
The most common algorithm is the linear congruential pseudorandom number generator, as defined by D. H. Lehmer and described by Donald E. Knuth in The Art of Computer Programming, Volume 2: Seminumerical Algorithms, section 3.2.1.
For more details refer to the following thread: Predict the Seed of Javascript's Math.random
Sure, how about the identity function:
function getMappedRandom(random){ return random; }
I'm not sure why you want this transformation, but in terms of randomness it does not necessarily make it better.
I believe what you need is called one-way hash function. try hex_md5() or hex_sha1().
If you need a PRNG for a terrain generator, then I'm assuming you need a seeded random number generator that reproduces the sequence of pseudo-random numbers for a given seed; Such that each seed creates a separate, distinct terrain that can be reconstructed later by providing the same seed.
This might work for you:
http://davidbau.com/archives/2010/01/30/random_seeds_coded_hints_and_quintillions.html
http://davidbau.com/encode/seedrandom.js