Timestamp:
Dec 29, 2008, 11:21:03 PM (16 years ago)
Author:
[email protected]
Message:

<rdar://problem/6358108> Insecure randomness in Math.random() leads to user tracking

Reviewed by Mark Rowe

Switch to arc4random on PLATFORM(DARWIN), this is ~1.5x slower than random(), but
it is still so fast that there is no fathomable way it could be a bottleneck for anything.

randomNumber is called in two places

  • During form submission where it is called once per form
  • Math.random in JSC. For this difference to show up you have to be looping on a cached local copy of random, for a large number (>10000) of calls.

No change in SunSpider.

File:
1 edited

  • trunk/JavaScriptCore/wtf/RandomNumber.cpp

    r39507 r39510  
    5151    return static_cast<double>(u) / (static_cast<double>(UINT_MAX) + 1.0);
    5252#elif PLATFORM(DARWIN)
    53     return static_cast<double>(random()) / (static_cast<double>(RAND_MAX) + 1.0);
     53    return static_cast<double>(arc4random()) / (static_cast<double>(UINT32_MAX) + 1.0);
    5454#else
    5555    return static_cast<double>(rand()) / (static_cast<double>(RAND_MAX) + 1.0);
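
Review bot: the `#else` branch (line 55) still returns `rand()` scaled by `RAND_MAX + 1.0`, so every platform that is neither Darwin nor covered by the branch ending at line 51 keeps a predictable generator of the kind this change removes from `PLATFORM(DARWIN)`. Consider a follow-up for those ports, or at least a comment on the fallback saying it is not suitable where unpredictable output matters. On the new line 53, `UINT32_MAX` comes from `<stdint.h>` and the hunk does not show that header being included, so it is worth confirming it is pulled in (some C++ toolchains only define the limit macros when `__STDC_LIMIT_MACROS` is set). A short comment above the `arc4random()` call saying it was chosen for unpredictability rather than speed would also keep a later performance cleanup from switching it back to `random()`.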