[whatwg] Cryptographically strong random numbers

Erik Corry erik.corry at gmail.com
Tue Feb 22 15:45:55 PST 2011


Thanks for the link. Having read the section in question I am satisfied that
the author has no problem with the API.
On Feb 23, 2011 12:34 AM, "Brendan Eich" <brendan at mozilla.org> wrote:
> On Feb 22, 2011, at 2:49 PM, Erik Corry wrote:
>> I can find Klein's complaints that the implementation of Math.random is
>> insecure but not his complaints about the API. Do you have a link?
>
> In the paper linked from http://seclists.org/bugtraq/2010/Dec/13 section 3
> ("3. The non-uniformity bug"), viz:
>
> "Due to issues with rounding when converting the 54 bit quantity to a
> double precision number (as explained in
> http://www.trusteer.com/sites/default/files/Temporary_User_Tracking_in_Major_Browsers.pdf
> section 2.1, x2 may not accurately represent the state bits if the whole
> double precision number is ≥0.5."
>
> but that link dangles, and I haven't had time to read more.
>
> The general concern about the API arises because Adam's API returns a
> typed array result that could have length > 1, i.e., not a random result
> that fits in at most 32 (or even 53) bits.
>
> /be


