[whatwg] Cryptographically strong random numbers
Nifty Egg Mitch
mitch at niftyegg.com
Sun Feb 6 14:30:02 PST 2011
On Sun, Feb 06, 2011 at 09:04:50AM +0100, Roger Hågensen wrote:
> Subject: Re: [whatwg] Cryptographically strong random numbers
> On 2011-02-06 04:54, Boris Zbarsky wrote:
> >On 2/5/11 10:22 PM, Roger Hågensen wrote:
> >>This is just my oppinion but... If they need random number generation in
> >>their script to be cryptographically secure to be protected from another
> >>"spying" script...
Good reading -- thanks for the four below links:
> >You may want to read these:
> .... [snip]
> Outch yeah, a nice mess there.
> Math.random should be fixed (if implementations are bugged) so that
> cross-site tracking is not possible, besides that Math.random should
> just be a quick PRNG for generic use.
> I think it would be better to ensure it is not named "random" but
> "srandom" or "s_random" or "c_random" to avoid any confusion with
> How about "cryptrnd", anyone?
> I'd hate to see a bunch of apps using cryptographically secure
> random numbers/data just because it was called "random",
> while in all likelyhood they'd be fine with Math.random instead.
Adding crypt* is a bit unsettling.
Adding randKnuthLCM, or rand.Algorithm
makes more sense. To ignore that Knuth devoted
an entire chapter to random numbers is
naive. See Chapter 3 of Vol 2.
Perhaps someone at RSA could contribute
a list of algorithms that are worthy.
More information about the whatwg