[whatwg] Cryptographically strong random numbers
Glenn Maynard
glenn at zewt.org
Sat Feb 5 20:21:43 PST 2011
On Sat, Feb 5, 2011 at 11:07 PM, Cedric Vivier <cedricv at neonux.com> wrote:
> read(FD("/dev/random"), PTR(arraybufferview->data),
> arraybufferview->byteLength)
>
More accurately, /dev/urandom, since this is a synchronous API that
shouldn't block. This should be made explicit if this gets specced.
I thought about suggesting a /dev/random-like interface earlier--one which
reads from a real, blocking entropy source (like /dev/random) with an async
API. However, on examination /dev/urandom is apparently good enough even
for ssh-keygen, so I'm guessing that's unnecessary. (It could also cause
other problems, eg. allowing webpages to flush a user's kernel's entropy
buffer and causing separate pages to compete for entropy data.)
--
Glenn Maynard
More information about the whatwg
mailing list