[Webkit-unassigned] [Bug 247471] Audit use of cryptographically random functions
bugzilla-daemon at webkit.org
Mon Nov 7 12:47:42 PST 2022
https://bugs.webkit.org/show_bug.cgi?id=247471
--- Comment #2 from Darin Adler <darin at apple.com> ---
Not necessarily part of this bug, but I suggest we do these 9 things:
1) Change the 3 callers of cryptographicallyRandomUint32 to use cryptographicallyRandomNumber instead.
2) Remove cryptographicallyRandomUint32.
3) Move cryptographicallyRandomUint64 to CryptographicallyRandomNumber.h.
4) Move cryptographicallyRandomUnitInterval to CryptographicallyRandomNumber.h.
5) Rename cryptographicallyRandomUint64 to cryptographicallyRandomUInt64 or cryptographicallyRandom<uint64_t>.
6) Consider renaming cryptographicallyRandomNumber to cryptographicallyRandomUInt32 or cryptographicallyRandom<uint32_t>.
7) Consider renaming weakRandom to weakRandomUInt32 or weakRandom<uint32_t>.
8) Consider renaming RandomNumber.h to WeakRandomNumber.h.
9) Document that cryptographicallyRandomUnitInterval has only 32 bits of randomness in it to further discourage uninformed use of it.
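Item 9's point about a unit-interval value carrying only 32 bits of randomness, as an added example that is not part of the original message and is not WebKit code. The functions below are hypothetical stand-ins that assume the value is produced by dividing a random integer by a power of two; the bucket count is a constructed value.

```cpp
#include <cstdint>
#include <cstdio>

// Hypothetical stand-ins for illustration; not WebKit's implementations.

// 32 random bits mapped to [0, 1): adjacent outputs are 2^-32 apart.
double unitIntervalFrom32(uint32_t bits)
{
    return static_cast<double>(bits) / 4294967296.0; // 2^32
}

// Top 53 of 64 random bits mapped to [0, 1): adjacent outputs are 2^-53
// apart (53 bits is the size of a double's significand).
double unitIntervalFrom64(uint64_t bits)
{
    return static_cast<double>(bits >> 11) / 9007199254740992.0; // 2^53
}

// Typical consumer: scale the unit value to an index in [0, bucketCount).
uint64_t toBucket(double unit, uint64_t bucketCount)
{
    return static_cast<uint64_t>(unit * static_cast<double>(bucketCount));
}

// Gap between the buckets selected by two adjacent 32-bit inputs
// (requires bits < UINT32_MAX). A gap above 1 means the buckets in
// between can never be chosen, whatever the generator's quality.
uint64_t strideFrom32(uint32_t bits, uint64_t bucketCount)
{
    return toBucket(unitIntervalFrom32(bits + 1), bucketCount)
        - toBucket(unitIntervalFrom32(bits), bucketCount);
}

int main()
{
    const uint64_t buckets = 1ULL << 40; // constructed: space larger than 2^32
    std::printf("stride from 32-bit source: %llu\n",
        static_cast<unsigned long long>(strideFrom32(12345, buckets)));
    // Bucket 777 lies between two reachable 32-bit outputs, but the
    // 53-bit mapping reaches it from input 777 << 24.
    std::printf("53-bit source reaches bucket: %llu\n",
        static_cast<unsigned long long>(toBucket(unitIntervalFrom64(777ULL << 24), buckets)));
    return 0;
}
```

With 2^40 buckets the 32-bit source lands only on every 256th bucket, so a caller that scales such a value into a larger space gets at most 2^32 distinct outcomes.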