[whatwg] Cryptographically strong random numbers

Brendan Eich brendan at mozilla.org
Mon Feb 14 11:56:17 PST 2011


On Feb 14, 2011, at 11:31 AM, Adam Barth wrote:

> What's non-interoperable about filling an ArrayBuffer with random bytes?  I'm not sure I understand your question.

The question is what OSes fail to provide enough random bits these days.

This may just be a sanity-checking step (my sanity, at least; I lived through the great entropy hunt of 1995; http://www.cs.berkeley.edu/~daw/papers/ddj-netscape.html [link courtesy dwagner]).


> However, I'm disinclined to wait on the basic best-effort PRNG for that to happen.

What would you be waiting for? Ignoring Ecma, just adding code to WebKit doesn't make a cross-browser standard. Never mind Firefox (we'll do something soon enough to match). What about IE?

It seems to me we (whatwg members, w3c members; browser vendors in general) need something more than IDL in the way of a spec.


> I added support for all the integer ArrayBuffer types, so getRandomBytes isn't a particularly accurate name.

Ok, that seems fine (now that I have read your patch -- thanks for the link!).

/be




More information about the whatwg mailing list