We claim that the results of farbled APIs depend on session hash. I realised that during farbling, the wrappers used to call a common PRNG which means that the obtained pseudorandom numbers depended on the order of the call. So enabling or disabling the API resulted in changed wrapped APIs and changed fingerprint without the change to the domain and session key.
I fixed this in 249e002.
During the work I also noticed that images are farbled the same way. I created a test page with a 5x2 canvas https://www.fit.vutbr.cz/~ipolcak/jsr/farbling/canvas.html (currently I fill the canvas with the same colour; twice black, white, gray and almost black). See the attached images.
Proposed solution:
Hence the same image will be repeatedly farbled the same way. Different images will have different pixels farbled.
We need to go through all farbled APIs and make sure that the implementation really make sense.
Brave 1 <img alt="brave.png" src="/JShelter/webextension/issue/raw/files/46c3dc445acf8177a19e455ab593595605aa546ba662603dcef7bb1a98db574a-brave.png" />
Brave 2 <img alt="brave2.png" src="/JShelter/webextension/issue/raw/files/dd78378590b2cc38de7c12f3683ba4bc69277cd7c6d91c71ad3261fc4abd5f55-brave2.png" />
JShelter 1 <img alt="jshelter.png" src="/JShelter/webextension/issue/raw/files/22dd06c1e1e44f2bb1089466887fce1b2fc6d2d9c78441a4db0b303842456662-jshelter.png" />
JShelter 2 <img alt="jshelter2.png" src="/JShelter/webextension/issue/raw/files/fb79ff2a8c3b92db6afafe9b11b4033f27590a27e5b5814b44b8f040772e6882-jshelter2.png" />
An example of the farbling with JShelter and the fix:
<img alt="jshelter-fixed.png" src="/JShelter/webextension/issue/raw/files/8806d92393f979dbbda79b8370101789a54b1e72205696f521c320bf8d5ccebc-jshelter-fixed.png" />
Fixed in 0.8. Audio wrappers revisited in 0.10. If anyone wants to review the commits, please, let me know.
Metadata Update from @polcak: - Issue close_status updated to: Fixed - Issue status updated to: Closed (was: Open)
Metadata Update from @polcak: - Issue private status set to: False (was: True)
Metadata Update from @polcak: - Issue untagged with: research - Issue set to the milestone: NLNet evaluation
Log in to comment on this ticket.