[whatwg] Cryptographically strong random numbers

Adam Barth w3c at adambarth.com
Fri Feb 4 16:42:33 PST 2011

Several folks have asked for a cryptographically strong random number
generator in WebKit.  Our first approach was to make Math.random
cryptographically strong, but that approach has two major

1) It's difficult for a web page to detect whether math.random is
actually cryptographically strong or whether it's a weak RNG.

2) Math.random is used in a number of popular JavaScript benchmarks.
Strengthening math.random to be cryptographically strong would slow
down these benchmarks.  Feel free to treat read this disadvantage as
"folks who don't care about cryptographic strength don't want to pay
the performance cost of cryptographic strength."

Our second approach was to implement crypto.random, with the idea of
matching Firefox.  Unfortunately, Firefox does not appear to implement
crypto.random and instead just exposes a function that throws an
exception.  Additionally, crypto.random returns a string, which isn't
an ideal data type for randomness because we'd need to worry about
strange Unicode issues.

Our third approach is to add a new cryptographically strong PRNG to
window.crypto (in the spirit of crypto.random) that return floating
point and integer random numbers:

interface Crypto {
  Float32Array getRandomFloat32Array(in long length);
  Uint8Array getRandomUint8Array(in long length);

These APIs use the ArrayBuffer types that already exist to service
APIs such as File and WebGL.  You can track the implementation of
these APIs via this WebKit bug:


Please let me know if you have any feedback.


More information about the whatwg mailing list