[whatwg] Cryptographically strong random numbers

Adam Barth w3c at adambarth.com
Fri Feb 4 19:53:43 PST 2011


On Fri, Feb 4, 2011 at 7:39 PM, Boris Zbarsky <bzbarsky at mit.edu> wrote:
> On 2/4/11 7:42 PM, Adam Barth wrote:
>> interface Crypto {
>>   Float32Array getRandomFloat32Array(in long length);
>>   Uint8Array getRandomUint8Array(in long length);
>> };
>
> The Uint8Array version is good; let's do that.
>
> For the other, what does it mean to return a random 32-bit float?  Is NaN
> allowed?  Different NaNs?  -0?  Infinity or -Infinity?  Subnormal values?

Those are good questions.

> Looking at the webkit impl you linked to and my somewhat-old webkit
> checkout, it looks like the proposed impl returns something in the range [0,
> 1), right?  (Though if so, I'm not sure why the &0xFF bit is needed in
> integer implementation.)  It also returns something that's not uniformly
> distributed in that range, at least on Mac and sometimes on Windows (in the
> sense that there are intervals inside [0, 1) that have 0 probability of
> having a number inside that interval returned).

That patch hasn't been reviewed yet.  Think of it more as a proof-of-concept.

> In general, I suspect creating a good definition for the float version of
> this API may be hard.

The main use cases I've heard are for the int version.  Presumably
someone who wants random floats can compute them given integer
randomness.

> One other thing that perhaps needs to be defined is seeding.  In particular,
> just because you have a cryptographically strong PRNG doesn't mean that you
> can't always seed it with 0 on pageload or something dumb like that.  Should
> we require that the seed be truly random or some such?  Or at least not
> fixed?  Should web pages be able to reseed this generator (at least for the
> web page in question; obviously not for others)?

Most operating systems provide strong sources of randomness that can
be used to seed cryptographic PRNGs.  I'd be inclined to recommend
that folks use that sort of "truly random" seed.

Given this feedback, we'll probably start off with the Uint8Array version.

Thanks,
Adam
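
Added example, not part of the original message and not taken from the WebKit patch: a sketch of the two points discussed above, namely what reinterpreting random bits as a 32-bit float can produce (NaN, infinities, -0, subnormals) and how floats in [0, 1) can instead be computed from integer randomness. The function names are hypothetical, the sample bytes are constructed, and the caller is assumed to supply bytes from a cryptographically strong source.

```javascript
// Added example. Function names are hypothetical; the caller supplies CSPRNG bytes.

// Read 4 bytes as a raw IEEE 754 binary32 pattern and name its class.
function classifyFloat32Bits(bytes4) {
  const view = new DataView(bytes4.buffer, bytes4.byteOffset, 4);
  const bits = view.getUint32(0, false); // big-endian
  const exp = (bits >>> 23) & 0xff;      // 8 exponent bits
  const frac = bits & 0x7fffff;          // 23 fraction bits
  if (exp === 0xff) return frac ? "nan" : "infinity";
  if (exp === 0) return frac ? "subnormal" : "zero";
  return "normal";
}

// 24 random bits scaled by 2^-24: every result is an exact float32 in [0, 1),
// and each of the 2^24 grid points is equally likely for uniform input bytes.
function float32FromBytes(bytes3) {
  const n = (bytes3[0] << 16) | (bytes3[1] << 8) | bytes3[2];
  return n / 2 ** 24;
}

// 53 random bits scaled by 2^-53 for a double in [0, 1).
// The top 3 bits of the first byte are discarded.
function float64FromBytes(bytes7) {
  const hi = ((bytes7[0] & 0x1f) << 16) | (bytes7[1] << 8) | bytes7[2];
  const lo =
    ((bytes7[3] << 24) | (bytes7[4] << 16) | (bytes7[5] << 8) | bytes7[6]) >>> 0;
  return (hi * 2 ** 32 + lo) / 2 ** 53;
}

// Constructed bit patterns (not real generator output).
const samples = [
  [0x7f, 0xc0, 0x00, 0x00], // quiet NaN
  [0xff, 0x80, 0x00, 0x00], // -Infinity
  [0x80, 0x00, 0x00, 0x00], // -0
  [0x00, 0x00, 0x00, 0x01], // smallest subnormal
  [0x3f, 0x80, 0x00, 0x00], // 1.0
];
for (const s of samples) {
  console.log(s.map((b) => b.toString(16).padStart(2, "0")).join(""),
    classifyFloat32Bits(Uint8Array.from(s)));
}
console.log(float32FromBytes(Uint8Array.of(0xff, 0xff, 0xff)));
console.log(float64FromBytes(new Uint8Array(7).fill(0xff)));
```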

