[whatwg] Cryptographically strong random numbers

Adam Barth w3c at adambarth.com
Sun Feb 13 21:55:29 PST 2011

Fortunately, these APIs are quite simple (e.g., the implementation in
WebKit is a whole four lines of code) and having more than one way to
access good randomness isn't terribly costly.  Even if strong
randomness is a future aspiration for ECMAScript,
crypto.getRandomValues provides benefits today at low cost and is
probably still worth doing.


On Sun, Feb 13, 2011 at 8:26 PM, Brendan Eich <brendan at mozilla.com> wrote:
> Yes, we aspire to standardize a good RBG as an "upgrade" to Math.random -- obviously a new name would be needed, but with docs and evangelization we would hope to steer people away from that old p.o.s. I copied from Java in 1995 (quote unquote).
> See http://wiki.ecmascript.org/doku.php?id=strawman:random-er for the mostly-aspirational page. As Boris says, this is a core language strawman proposal, not something we want browser-only (think http://nodejs.org/).
> /be
> On Feb 13, 2011, at 6:37 PM, Boris Zbarsky wrote:
>> On 2/13/11 8:22 PM, Adam Barth wrote:
>>> It seems likely that window.crypto will continue to grow more quality
>>> cryptographic APIs, not all of which will be appropriate at the
>>> ECMAScript level.
>> Sure; the question is whether this _particular_ API would be more appropriate at the language level.  Or more to the point, if the language plans to grow it anyway, do we need two APIs for it?
>> It's worth at least checking with the ES folks whether they plan to add a API like this (something that fills in an array of bytes with cryptographically strong random values) in any sort of short-term timeframe.
>> -Boris
>> _______________________________________________
>> es-discuss mailing list
>> es-discuss at mozilla.org
>> https://mail.mozilla.org/listinfo/es-discuss
> _______________________________________________
> es-discuss mailing list
> es-discuss at mozilla.org
> https://mail.mozilla.org/listinfo/es-discuss

More information about the whatwg mailing list