[whatwg] Cryptographically strong random numbers

Dirk-Willem van Gulik Dirk-Willem.van.Gulik at BBC.co.uk
Sat Feb 5 09:02:07 PST 2011


On 5 Feb 2011, at 16:37, Boris Zbarsky wrote:

> The question is, do people want cryptographically secure random numbers for crypto, or something else?  As you say, we need to understand the use cases.

If you want to use them for crypto - you need to have a very clear contract. Otherwise they are may well be very usable - but not for crypto. 

I.e. be very clear if you desire to follow the recommendation in something like FIPS P 800-90* or passes the various tests in FIPS SP 800-22 (or some other recognised equivalent).

As IMHO 'Then and only then' can one use it for crypto without worry. As otherwise it is just strong randomness.

Thanks,

Dw

*: http://csrc.nist.gov/publications/PubsSPs.html




More information about the whatwg mailing list