Bug 247471

Summary: Audit use of cryptographically random functions
Product: WebKit Reporter: Don Olmstead <don.olmstead>
Component: PlatformAssignee: Nobody <webkit-unassigned>
Status: NEW ---    
Severity: Normal CC: darin, webkit-bug-importer
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
See Also: https://bugs.webkit.org/show_bug.cgi?id=247581

Description Don Olmstead 2022-11-03 18:19:02 PDT 
Cryptographically random numbers are expensive to generate and can have a negative performance impact. Determine if code using them should actually be using them instead of a weak random number.
Comment 1 Darin Adler 2022-11-07 12:34:49 PST 
I just noticed that we have two identical functions in two different headers:

cryptographicallyRandomNumber
cryptographicallyRandomUint32
Comment 2 Darin Adler 2022-11-07 12:47:42 PST 
Not necessarily part of this bug, but I suggest we do these 9 things:

1) Change the 3 callers of cryptographicallyRandomUint32 to use cryptographicallyRandomNumber instead.
2) Remove cryptographicallyRandomUint32.
3) Move cryptographicallyRandomUint64 to CryptographicallyRandomNumber.h
4) Move cryptographicallyRandomUnitInterval to CryptographicallyRandomNumber.h.
5) Rename cryptographicallyRandomUint64 to cryptographicallyRandomUInt64 or cryptographicallyRandom<uint64_t>.
6) Consider renaming cryptographicallyRandomNumber to cryptographicallyRandomUInt32 or cryptographicallyRandom<uint32_t>.
7) Consider renaming weakRandom to weakRandomUInt32 or weakRandom<uint32_t>.
8) Consider renaming RandomNumber.h to WeakRandomNumber.h.
9) Document that cryptographicallyRandomUnitInterval has only 32 bits of randomness in it to further discourage uninformed use of it.
Comment 3 Radar WebKit Bug Importer 2022-11-10 17:19:17 PST 
<rdar://problem/102219729>