[whatwg] Cryptographically strong random numbers
Boris Zbarsky
bzbarsky at MIT.EDU
Sat Feb 5 08:37:19 PST 2011
On 2/5/11 1:55 AM, Roger Hågensen wrote:
> On 2011-02-05 04:39, Boris Zbarsky wrote:
>> In general, I suspect creating a good definition for the float version
>> of this API may be hard.
>
> Not really, usually it is a number from 0.0 to 1.0, which would map to
> say the same as 0 to whatever max 64bit is.
Those aren't the same thing, though.
> Depending on the implementation, the simplest is just to do (pseudocode)
> float=Random(0,$FFFFFFFFFFFFFFFF)/$FFFFFFFFFFFFFFFF
That gives you non-uniform distribution, no? In particular, the
conversion to float will lead to rounding, and different rounding in
different parts of the range. So for example if the result of Random()
is 2^50 you will get the same float as you would for everything up
through 2^50 + 2^25 or so (assuming single-precision floats),
whereas around 0 the range of values that actually ends up 0 is only
about 2^18 because you can end up with subnormals, right?
> And yes, float issues of rounding and "almost correct but not quite"
> will also be an issue here.
Indeed; I'm not sure how you can say creating a good definition is "not
really hard" while leaving this problem unsolved in the "not really
hard" case... ;)
> Float random does not make much sense in crypto.
Indeed.
The question is, do people want cryptographically secure random numbers
for crypto, or something else? As you say, we need to understand the
use cases.
-Boris
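
The rounding effect discussed in this message can be measured directly. The following is an added example, not code from the thread: it implements the quoted pseudocode with a single-precision result, counts how many 64-bit inputs collapse onto one float at different points in the range, and contrasts that with a construction that keeps only 24 random bits. All function names are hypothetical, and the random input is assumed to come from a CSPRNG.

```javascript
// Added illustration; names are hypothetical, not part of any proposed API.
const MAX_U64 = (1n << 64n) - 1n;

// The quoted pseudocode: Random(0, $FFFFFFFFFFFFFFFF) / $FFFFFFFFFFFFFFFF,
// with the result stored as a single-precision float (Math.fround).
// Note that Number(MAX_U64) itself already rounds up to 2^64 as a double.
function naiveFloat(x) {
  return Math.fround(Number(x) / Number(MAX_U64));
}

// Count the 64-bit integers that collapse to the same float as x.
// naiveFloat is monotonic, so both bucket edges can be binary-searched.
function bucketWidth(x) {
  const target = naiveFloat(x);
  let lo = 0n, hi = x;              // smallest input that yields target
  while (lo < hi) {
    const mid = (lo + hi) / 2n;
    if (naiveFloat(mid) === target) hi = mid; else lo = mid + 1n;
  }
  const first = lo;
  lo = x; hi = MAX_U64;             // largest input that yields target
  while (lo < hi) {
    const mid = (lo + hi + 1n) / 2n;
    if (naiveFloat(mid) === target) lo = mid; else hi = mid - 1n;
  }
  return lo - first + 1n;
}

// Equal-width alternative: keep only 24 random bits, which is what a
// single-precision significand holds, so every output is exact and the
// 2^24 possible results are evenly spaced in [0, 1).
// u32 is assumed to be one element of a Uint32Array filled by a CSPRNG
// such as crypto.getRandomValues.
function uniformFloat24(u32) {
  return (u32 >>> 8) * 2 ** -24;
}

// Bucket sizes differ by many orders of magnitude across the range.
for (const x of [1n, 1n << 30n, 1n << 50n, 1n << 62n]) {
  console.log(`x = ${x}: ${bucketWidth(x)} inputs share one float`);
}
```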