[whatwg] crypto.getRandomValues feedback

Jonas Sicking jonas at sicking.cc
Mon Feb 20 14:51:45 PST 2012


Hi All,

For reference, much of this feedback has been given in the Firefox
Bugzilla bug. See [1] and forward.

Basically the in/out nature of the getRandomValues function looks very
bad to me. This is inconsistent with almost every other JS API which
uses return values rather than in/out arguments. The main exception
that I can find is Array.splice, but this appears to be so that it can
return the removed items.

But the main thing that I dislike about in/out arguments over return
values is that it makes coding with them very cumbersome. This is a
common pattern in perl:

$tempString = getSomeValue();
$tempString =~ s/expression/;
doStuff($tempString);

This because the =~ operator doesn't return the result of the
search'n'replace expression which is generally the value that you want
to use. The same thing is the case with the getRandomValues API as it
currently exists. The web JS will have to look something like this:

var tempBuffer = new UInt8Array(65536);
crypto.getRandomValues(tempBuffer);
doStuff(tempBuffer);

This can be greatly improved if we make getRandomValues return the
buffer passed to it. That way the following code would work:

doStuff(crypto.getRandomValues(new UInt8Array(65536)));

This will also make it possible to nicely expand the API to take an
integer which the API would use to create a buffer of the passed in
size and fill that with random values. Not something we have to do
right now, but would be easy to add later if we feel the need.

[1] https://bugzilla.mozilla.org/show_bug.cgi?id=440046#c205

/ Jonas


More information about the whatwg mailing list