[whatwg] Cryptographically strong random numbers
Dirk-Willem van Gulik
Dirk-Willem.van.Gulik at BBC.co.uk
Sat Feb 5 09:02:07 PST 2011
On 5 Feb 2011, at 16:37, Boris Zbarsky wrote:
> The question is, do people want cryptographically secure random numbers for crypto, or something else? As you say, we need to understand the use cases.
If you want to use them for crypto - you need to have a very clear contract. Otherwise they are may well be very usable - but not for crypto.
I.e. be very clear if you desire to follow the recommendation in something like FIPS P 800-90* or passes the various tests in FIPS SP 800-22 (or some other recognised equivalent).
As IMHO 'Then and only then' can one use it for crypto without worry. As otherwise it is just strong randomness.
Thanks,
Dw
*: http://csrc.nist.gov/publications/PubsSPs.html
More information about the whatwg
mailing list