shindig.saferRandom() implementation

SHA1 JS impl: syntax/format updates for Shindig
* Changed goog.crypt to shindig namespace.
* Changed from prototype-style to closure-style impl.

Implementation of a random-number "generator" seeded w/ mouse movement (quite unpredictible) and screen real estate (sometimes hard-ish to detect). The idea is to build a pure-JS random() method that is much less predictible than Math.random(), which is known to be fairly easily cracked.

This has benefits for gadgets.rpc and other Shindig functionality which rely on a combination of random numbers and same-domain policy for security.

[johnfargo, 2010-06-29 00:33:55]

Posting actual saferRandom() impl.

[johnfargo, 2010-06-29 00:35:58]

FYI: Just posted this and added dev-remailer@shindig.apache.org. Thoughts
welcome.

On 2010/06/29 00:33:55, johnfargo wrote:
> Posting actual saferRandom() impl.

[johnfargo, 2010-06-29 00:50:14]

Small, but significant, JS fix.

[Paul Lindner, 2010-06-29 00:59:13]

I'd prefer that the name of the feature match the name of the javascript
namespace if possible.

So

  shindig.saferRandome --> shindig.random

Also you will need to add copyright info into the NOTICE file in features and
the top level.

[johnfargo, 2010-06-29 01:06:57]

Renaming method saferRandom() to random(); adding features/NOTICE line.

[Paul Lindner, 2010-06-29 10:13:50]

seems fine.  

For bonus points we might want to support:

http://msdn.microsoft.com/en-us/library/system.security.cryptography.rngcrypt...

(for IE)

and 

window.crypto.random(10)

(for firefox)

which rely on the operating system to provide a secure PRNG

Not sure if there's a crypto extension for webkit...

[johnfargo, 2010-06-29 20:18:46]

Sounds like a good set of additions to me -- I'll add 'em in a follow. Thx--
j

On Tue, Jun 29, 2010 at 3:13 AM, <lindner@inuus.com> wrote:

> seems fine.
>
> For bonus points we might want to support:
>
>
>
http://msdn.microsoft.com/en-us/library/system.security.cryptography.rngcrypt...
>
> (for IE)
>
> and
>
> window.crypto.random(10)
>
> (for firefox)
>
> which rely on the operating system to provide a secure PRNG
>
> Not sure if there's a crypto extension for webkit...
>
>
>
> http://codereview.appspot.com/1720044/show
>

[evn, 2010-07-01 18:12:08]

Hey guys!

I'm the author of the saferRandom function.. and found a bug on it. we should
change the XOR on the mouse movement function to +.

Also, crypto.random is deprecated and no longer works on firefox and
RNGCryptoRandom is not available for sites in the internet zone for IE, so we
can't use it.

There may be a crypto API in HTML5, so we may change to that when there is,
there's also a bug in chromium about implementing a secure random that we may
also use in the future.

Greetings!!

[Paul Lindner, 2010-07-02 09:38:31]

So replace

    var ac = (e.screenX ^ e.clientX) << 16;
    ac += (e.screenY ^ e.clientY);

with 

    var ac = (e.screenX + e.clientX) << 16;
    ac += (e.screenY + e.clientY);

???

On 2010/07/01 18:12:08, evn wrote:
> Hey guys!
> 
> I'm the author of the saferRandom function.. and found a bug on it. we should
> change the XOR on the mouse movement function to +.
> 
> Also, crypto.random is deprecated and no longer works on firefox and
> RNGCryptoRandom is not available for sites in the internet zone for IE, so we
> can't use it.
> 
> There may be a crypto API in HTML5, so we may change to that when there is,
> there's also a bug in chromium about implementing a secure random that we may
> also use in the future.
> 
> Greetings!!

[evn, 2010-07-02 17:52:08]

On 2010/07/02 09:38:31, Paul Lindner wrote:
> So replace
> 
>     var ac = (e.screenX ^ e.clientX) << 16;
>     ac += (e.screenY ^ e.clientY);
> 
> with 
> 
>     var ac = (e.screenX + e.clientX) << 16;
>     ac += (e.screenY + e.clientY);
> 
> ???

Yes, the idea is that the attacker shouldn't be able to calculate the frame
position and the relative screen coords at the same time. In the case when the
gadget is loaded fullscreen the entropy disappears because screenX and clientX
are the same, so their XOR is 0.

Greetz