[whatwg] Cryptographically strong random numbers
Boris Zbarsky
bzbarsky at MIT.EDU
Sat Feb 5 18:34:19 PST 2011

On 2/5/11 9:08 PM, Roger Hågensen wrote:
> If you really wanted a float, and really wanted minimal issue with float
> behavior then creating a random um... mantissa.?... "should" allow a
> better 0.0 to 1.0 than the divide shown further up.

That's the thing. The valid mantissas for IEEE floats are nonuniformly
distributed on the unit interval. So you don't want to generate all
mantissas with equal probability... or something. So yeah, the key
issue here is defining what one means by "a random float" and what one
wants from it.

I suspect that most people who use random numbers on the web don't stop
to think about any of that, though; I just always hope whatever they're
doing with them is unimportant enough that the issues with their
randomness sources won't matter...

> I suspect that they may not want secure random numbers as much as they
> might want secure random data for key generation.

That makes sense, and doesn't need floats. I don't think we need use
cases for the uint8 version of a good random-number generator. There
are lots of those. ;)

The context in which I've seen people ask for cryptographically secure
Math.random are cases where one script can tell what random numbers
another script got by examining the sequence of random numbers it's
getting itself. But I was never told what that "other script" was
doing, only that it wanted its random numbers to be unguessable.

> Couldn't the Uint8Array mostly piggyback on whatever certificate code
> the browser has? Which is either done by the browser or by an OS API.
> In fact leaving the sourcing of the data not specified (besides that it
> needs to be cryptographically secure/random) because it would be
> implementation agnostic and hence future proof.

That's the general idea, yes.

-Boris
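
Added example, not part of the original message: one common definition of "a random float" built from CSPRNG bytes (an evenly spaced grid of multiples of 2^-53 in [0, 1)), next to a measurement of how unevenly the representable doubles themselves sit on the unit interval. All function names are hypothetical, and `getRandomValues` is assumed to be available as in current browsers and Node.js.

```javascript
// Added example; helper names are hypothetical, not from the thread.
// CSPRNG source: the global Web Crypto object, or Node's copy of it.
const rng = globalThis.crypto ?? require("node:crypto").webcrypto;

// Map 8 bytes to a double in [0, 1): keep the top 53 bits as an integer k
// and return k / 2^53. Every result is a multiple of 2^-53, so the grid is
// evenly spaced and each grid point is equally likely for uniform input.
function floatFromBytes(bytes) {
  if (bytes.length !== 8) throw new RangeError("need exactly 8 bytes");
  const view = new DataView(bytes.buffer, bytes.byteOffset, 8);
  const k = view.getBigUint64(0) >> 11n; // 53-bit integer, big-endian read
  return Number(k) / 2 ** 53;            // exact, because k < 2^53
}

// Draw the 8 bytes from the CSPRNG instead of Math.random().
function secureRandomFloat() {
  return floatFromBytes(rng.getRandomValues(new Uint8Array(8)));
}

// For non-negative doubles, the raw 64-bit pattern sorts the same way as
// the value, so patterns can be counted by subtracting them.
function doubleToBits(x) {
  const view = new DataView(new ArrayBuffer(8));
  view.setFloat64(0, x);
  return view.getBigUint64(0);
}

// Approximate share of the representable doubles in [0, 1) that lie below x.
// This is what P(result < x) would be if every valid bit pattern
// (exponent and mantissa together) were generated with equal probability.
function shareOfDoublesBelow(x) {
  return Number(doubleToBits(x)) / Number(doubleToBits(1));
}

// About 99.9% of the doubles in [0, 1) are below 0.5, so choosing among
// bit patterns uniformly is far from uniform on the interval.
console.log(shareOfDoublesBelow(0.5)); // 1022/1023
console.log(secureRandomFloat());
```

The grid approach never returns the doubles between 0 and 2^-53 that the format can represent; whether that matters depends on what one wants from "a random float", which is the question raised above.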