[whatwg] Cryptographically strong random numbers

Boris Zbarsky bzbarsky at MIT.EDU
Sat Feb 5 18:34:19 PST 2011


On 2/5/11 9:08 PM, Roger Hågensen wrote:
> If you really wanted a float, and really wanted minimal issue with float
> behavior then creating a random um... mantissa.?... "should" allow a
> better 0.0 to 1.0 than the divide shown further up.

That's the thing.  The valid mantissas for IEEE floats are nonuniformly 
distributed on the unit interval.  So you don't want to generate all 
mantissas with equal probability... or something.  So yeah, the key 
issue here is defining what one means by "a random float" and what one 
wants from it.

I suspect that most people who use random numbers on the web don't stop 
to think about any of that, though; I just always hope whatever they're 
doing with them is unimportant enough that the issues with their 
randomness sources won't matter...

> I suspect that they may not want secure random numbers as much as they
> might want secure random data for key generation.

That makes sense, and doesn't need floats.  I don't think we need use 
cases for the uint8 version of a good random-number generator.  There 
are lots of those.  ;)

The context in which I've seen people ask for cryptographically secure 
Math.random are cases where one script can tell what random numbers 
another script got by examining the sequence of random numbers it's 
getting itself.  But I was never told what that "other script" was 
doing, only that it wanted its random numbers to be unguessable.

> Couldn't the Uint8Array mostly piggyback on whatever certificate code
> the browser has? Which is either done by the browser or by a OS API.
> In fact leaving the sourcing of the data not specified (besides that it
> need to be cryptographically secure/random) because it would be
> implementation agnostic and hence future proof.

That's the general idea, yes.

-Boris




More information about the whatwg mailing list