Math Routine Fingerprinting

Background

Modern CPUs and Operating systems follow IEEE standards when it comes to computing math equations, however there are many functions that don't have clear standards. While it's clear on how to execute a function, variations appear due to when the vendor rounds and how intermediary values. The end result is clear and slight differences in values occur across browsers, operating systems and math libraries.

How It Works

As stated above, IEEE clearly defines standards around math. However they do not clearly define how certain functions such as SIN, COS, TAN, etc. should be computed. Errors crop up as these functions often require multiple steps and intermediary values could be defined as floats, doubles or something else and with each round of calculations rounding errors alter the LSB ever so slightly. This allows you to determine the browser and OS in many cases. Below we use the two functions that have the biggest skew. It should be noted that little research has been conducted in this area and better functions and input my provide larger skews.

Entropy Estimate: Greater than 4.0 bits 

Code

The JavaScript function below fingerprints both COSH(10) and TAN(-1e300) for the device.  
Note: Depending on your output method you may need to URL encode the returned results. 

Validation

Unlike other code on the Internet we do everything possible to verify our code for you. In order to minimize problems and maximize compatibility this code has been verified with JSLint and has been extensively tested with over 1100 OS/Browser combinations using BrowserStack.

Reference

#13081 New Defect. Math routines are OS fingerprintable (2014). Retrieved June 23, 2018, from https://trac.torproject.org/projects/tor/ticket/13018