Analysis of Random Number Generation in Browsers

The study initiated by the BSI on random number generation in web browsers describes and analyses the random number generators used by the Firefox, Chromium and Safari (assuming Safari uses the Corecrypto library) browsers for cryptographic applications. Among other things, good random numbers are a prerequisite for establishing secure connections on the Internet.

The focal point of this study is the assessment of the algorithmic part of the random number generators. The entire implementation of the random number generators is explained in detail to allow a full understanding of the flow of information, from the point where entropy is gathered to the point where random numbers are returned. Each of the entropy sources providing entropy to the RNGs is described to the extent that the interface used is clarified. It is then analysed whether the requirements of AIS 20/31 for good random numbers are satisfied.

The analysis focuses on all use cases where random numbers are used for cryptographic purposes, either as part of the TLS or the QUIC network protocol, or together with the WebCrypto API. The WebRTC stack with DTLS-SRTP is also covered. This means that all runtime use cases of random number generation requested during browser operation are addressed.

This document contains the analysis of the random number generators used in Chromium (Version 122.0.6168.2), Firefox (Version 120.0) and Safari (assuming usage of Corecrypto 2022). 

The study was written in English because the target audience is primarily the international IT security community. The study also stands in the context of English-language publications on this topic.
