[Webkit-unassigned] [Bug 239735] New: [libpas] Implement secure random numbers

Mon Apr 25 11:29:19 PDT 2022

https://bugs.webkit.org/show_bug.cgi?id=239735

            Bug ID: 239735
           Summary: [libpas] Implement secure random numbers
           Product: WebKit
           Version: Other
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: bmalloc
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: brandonstewart at apple.com
                CC: ggaren at apple.com

We currently have a cheesy random and secure random, which use the same implementation for generating random numbers. (We are going to ignore the mock testing code here).

This patch introduces a fast random and secure random.

The fast random maintains the same properties as the previous implementation, while secure random will use the cryptographically secure arc4random_uniform to give better randomness.

arc4random() can be quite an expensive operation and based on discussing with Yusuke he found heavy performance penalties when using this in JSC.

Our secure random shall only be used in cases where true randomness is needed.

We have 2 spots where we currently use secure random we shall just migrate those over to using fast random.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20220425/5dddaab4/attachment.htm>