Pseudo-randomness Inside Web Browsers

摘要

With the increasing concerns over the security and privacy of Web based applications, many solutions based on strong cryptography have been proposed to protect client side Web applications against attacks such as phishing, pharming and even server side attacks. While strong cryptography is used, one critical building block in cryptosystem, the random number generator, is often neglected. Considering this situation, in this paper we design and implement a pseudo-random number generator only rely on ubiquitous Web browser abilities - JavaScript, HTML and AJAX. We also provide a mechanism called Pseudo-cookie for JavaScript programs to access operating system services for retrieving random or entropy values without changing Web browser security policies. The security model, analysis and performance evaluation demonstrate that our method is secure and efficient.