[whatwg] Cryptographically strong random numbers

Cedric Vivier cedricv at neonux.com
Fri Feb 11 10:00:15 PST 2011

On Fri, Feb 11, 2011 at 19:38, Adam Barth <w3c at adambarth.com> wrote:
> Just to followup on this thread, I've landed this feature in WebKit.
> I'm not sure whether it made it into tonight's nightly, but it should
> be in a nightly shortly.


> interface Crypto {
>  void getRandomValues(in ArrayBufferView array) raises(DOMException);
> };
> If the ArrayBufferView isn't a Uint8Array , getRandomValues throws
> an exception (VALIDATION_ERR

Is there a specific reason for this limitation?
Imho it should throw only for Float32Array and Float64Array since
unbounded random floating numbers does not really make sense
(including because of NaN and +inf -inf).
However some use cases might prefer signed Int8Array or any other
integer type and it doesn't change anything to the implementation :
filling bytes to the ArrayBufferView's underlying ArrayBuffer).

Like for instance you can do below in C to get random 32-bit numbers
directly (though 'read' might very well get them one byte at a time
from /dev/random) :
int32_t random_32bit_integers[32];
read(dev_random_fd, random_32bit_integers, sizeof(random_32bit_integers))


More information about the whatwg mailing list