[whatwg] Cryptographically strong random numbers

Dirk-Willem van Gulik Dirk-willem.Van.gulik at bbc.co.uk
Sat Feb 5 07:36:36 PST 2011


On 5 Feb 2011, at 00:42, Adam Barth wrote:

...
> cryptographically strong PRNG

Would it be useful to very clearly qualify this - and put a boundary around this potentially unsolvable problem ? I.e. a pseudo random generator which meeds to exceeds requirements X, Y and Z from NIST SP 800-90 or which passes critera such-and-such from NIST 800-22 ?

Just so that both the contract to the user is clear - and it is measurable ? And it is clear what it can be used for.

> Our third approach is to add a new cryptographically strong PRNG to
> window.crypto (in the spirit of crypto.random) that return floating
> point and integer random numbers:
> 
> interface Crypto {
> Float32Array getRandomFloat32Array(in long length);
> Uint8Array getRandomUint8Array(in long length);
> };

A Uint8 makes perfect sense - but why the float ? What crypto uses this ? And exactly what do then the various +- infitiy/NaNs mean ?

Dw


More information about the whatwg mailing list