[whatwg] Cryptographically strong random numbers
Brendan Eich
brendan at mozilla.org
Mon Feb 14 11:56:17 PST 2011
On Feb 14, 2011, at 11:31 AM, Adam Barth wrote:
> What's non-interoperable about filling an ArrayBuffer with random bytes? I'm not sure I understand your question.
The question is what OSes fail to provide enough random bits these days.
This may just be a sanity-checking step (my sanity, at least; I lived through the great entropy hunt of 1995; http://www.cs.berkeley.edu/~daw/papers/ddj-netscape.html [link courtesy dwagner]).
> However, I'm disinclined to wait on the basic best-effort PRNG for that to happen.
What would you be waiting for? Ignoring Ecma, just adding code to WebKit doesn't make a cross-browser standard. Never mind Firefox (we'll do something soon enough to match). What about IE?
It seems to me we (whatwg members, w3c members; browser vendors in general) need something more than IDL in the way of a spec.
> I added support for all the integer ArrayBuffer types, so getRandomBytes isn't a particularly accurate name.
Ok, that seems fine (now that I have read your patch -- thanks for the link!).
/be
More information about the whatwg
mailing list