[whatwg] Cryptographically strong random numbers
Glenn Maynard
glenn at zewt.org
Mon Feb 14 16:15:24 PST 2011
On Mon, Feb 14, 2011 at 6:43 PM, Shabsi Walfish <shabsi at google.com> wrote:
> OpenSSL is not exactly a reliable source of cryptographic best practices.
> :) In any case, see here http://linux.die.net/man/4/urandom :
No single implementation is; neither are Linux manpages. The question is
whether there are security issues when generating long-term keys from a
secure PRNG (RC4, Yarrow, Fortuna) from an entropy pool that's been seeded
but exhausted. I suspect that question has been examined at great length by
others in the past, so I doubt there's new ground for us to cover on this.
It would be interesting if anyone knows of any competent analysis of this
question (preferably in a form written for non-cryptographers).
In any case, an API which returns random data with a guarantee of entropy
inherently must block, like /dev/random does. That implies an asynchronous
API, taking a callback which is called when the requested data is
available. Even if that's ultimately wanted, it would be a separate API.
(Of course, if that API is created later, then it should be similar to this
one--an asynchronous version of this synchronous API. I can think of some
minor speed bumps to making an async version of this API--you don't want to
write to the array asynchronously, while other code is running--but nothing
unreasonable.)
--
Glenn Maynard