[whatwg] Cryptographically strong random numbers

Glenn Maynard glenn at zewt.org
Mon Feb 14 16:15:24 PST 2011


On Mon, Feb 14, 2011 at 6:43 PM, Shabsi Walfish <shabsi at google.com> wrote:

> OpenSSL is not exactly a reliable source of cryptographic best practices.
> :) In any case, see here http://linux.die.net/man/4/urandom :


No single implementation is; neither are Linux manpages.  The question is
whether there are security issues when generating long-term keys from a
secure PRNG (RC4, Yarrow, Fortuna) from an entropy pool that's been seeded
but exhausted.  I suspect that question has been examined at great length by
others in the past, so I doubt there's new ground for us to cover on this.
It would be interesting if anyone knows of any competent analysis of this
question (preferably in a form written for non-cryptographers).

In any case, an API which returns random data with a guarantee of entropy
inherently must block, like /dev/random does.  That implies an asynchronous
API, taking a callback which is called when the requested data is
available.  Even if that's ultimately wanted, it would be a separate API.

(Of course, if that API is created later, then it should be similar to this
one--an asynchronous version of this synchronous API.  I can think of some
minor speed bumps to making an async version of this API--you don't want to
write to the array asynchronously, while other code is running--but nothing
unreasonable.)

-- 
Glenn Maynard



More information about the whatwg mailing list