[whatwg] Cryptographically strong random numbers

Mark S. Miller erights at google.com
Sun Feb 13 22:12:53 PST 2011


[+benl, +shabsi, +frantz, +daw]

On Sun, Feb 13, 2011 at 6:37 PM, Boris Zbarsky <bzbarsky at mit.edu> wrote:

> On 2/13/11 8:22 PM, Adam Barth wrote:
>
>> It seems likely that window.crypto will continue to grow more quality
>> cryptographic APIs, not all of which will be appropriate at the
>> ECMAScript level.
>>
>
> Sure; the question is whether this _particular_ API would be more
> appropriate at the language level.  Or more to the point, if the language
> plans to grow it anyway, do we need two APIs for it?
>
> It's worth at least checking with the ES folks whether they plan to add a
> API like this (something that fills in an array of bytes with
> cryptographically strong random values) in any sort of short-term timeframe.
>

Thanks for checking. The answer is yes. I'm scheduled to start a discussion
of <http://wiki.ecmascript.org/doku.php?id=strawman:random-er> at either the
upcoming March or May meetings. Currently random-er is on the agenda for May
but I may swap it into March. As you can tell, this page is currently only a
placeholder.

I have also talked just a bit with Shabsi Walfish, Ben Laurie, David Wagner,
and Bill Frantz, all cc'ed, about the possibility of a real crypto API for
EcmaScript. With the sole exception of randomness, I believe that we should
handle this the same way we're handling i18n -- as a separate working group
within tc39 (the EcmaScript committee) working on a separate standard
library in a separate standards document. The reason to make an exception
for random-er is that it's the only fundamental omission. Given a decent
random-er, everything else can be done initially in JS.



>
> -Boris
> _______________________________________________
> es-discuss mailing list
> es-discuss at mozilla.org
>
> https://mail.mozilla.org/listinfo/es-discuss
>



-- 
    Cheers,
    --MarkM


More information about the whatwg mailing list