* Raphael Geissert:

> Cc'ing the stable security team as I would like some input from them. As
> mentioned by Florian on IRC there's a bug on some browsers that
> could let other websites predict the sequence of Math.random(). On
> unstable the cryptojs library from Stanford could be packaged and
> used to generate a session id with the Fortuna-based PRNG (which is
> of course not shared between websites, therefore safe from the
> Math.random() attacks),

I think it's impossible to generate random numbers which are reasonably cryptographically strong with pure JavaScript code because you lack a reliable source of entropy. Can't you get the ID from the server instead?