[whatwg] Cryptographically strong random numbers

Glenn Maynard glenn at zewt.org
Mon Feb 14 14:30:11 PST 2011


On Mon, Feb 14, 2011 at 5:08 PM, Adam Barth <w3c at adambarth.com> wrote:

> On Mon, Feb 14, 2011 at 12:49 PM, Brendan Eich <brendan at mozilla.org>
> wrote:
> > On Feb 14, 2011, at 12:26 PM, Adam Barth wrote:
> > > Ok.  I'll write up a spec later today.
> >
> > Thanks.
>
> Done: http://wiki.whatwg.org/wiki/Crypto
>
> Feedback appreciated.
>

> If insufficient cryptographically random values are available,
> getRandomValues does not alter array and throws a NOT_SUPPORTED_ERR

I'm not sure if this means "if you're using /dev/random and it would block,
throw", or "if the amount of entropy in the PRNG's entropy pool is low,
throw", but they both seem hard to deal with from scripts.  There's no way
to know when to try again, and most applications wanting secure PRNGs don't
need this.  Even ssh-keygen seems to simply use /dev/urandom without
worrying about it returning low-entropy randomness.

I think it makes more sense to imply /dev/urandom's behavior: always return
data, even if the entropy pool is low.  If there's a need for randomness
with that stronger guarantee of entropy, that seems like it would want an
asynchronous API in order to wait for entropy (akin to /dev/random).

-- 
Glenn Maynard
