[whatwg] crypto.getRandomValues feedback
Adam Barth
w3c at adambarth.com
Mon Feb 20 20:18:31 PST 2012
I've updated http://wiki.whatwg.org/wiki/Crypto to have
getRandomValues return the array.
Adam
On Mon, Feb 20, 2012 at 2:51 PM, Jonas Sicking <jonas at sicking.cc> wrote:
> Hi All,
>
> For reference, much of this feedback has been given in the Firefox
> Bugzilla bug. See [1] and forward.
>
> Basically the in/out nature of the getRandomValues function looks very
> bad to me. This is inconsistent with almost every other JS API which
> uses return values rather than in/out arguments. The main exception
> that I can find is Array.splice, but this appears to be so that it can
> return the removed items.
>
> But the main thing that I dislike about in/out arguments over return
> values is that it makes coding with them very cumbersome. This is a
> common pattern in perl:
>
> $tempString = getSomeValue();
> $tempString =~ s/expression/;
> doStuff($tempString);
>
> This because the =~ operator doesn't return the result of the
> search'n'replace expression which is generally the value that you want
> to use. The same thing is the case with the getRandomValues API as it
> currently exists. The web JS will have to look something like this:
>
> var tempBuffer = new UInt8Array(65536);
> crypto.getRandomValues(tempBuffer);
> doStuff(tempBuffer);
>
> This can be greatly improved if we make getRandomValues return the
> buffer passed to it. That way the following code would work:
>
> doStuff(crypto.getRandomValues(new UInt8Array(65536)));
>
> This will also make it possible to nicely expand the API to take an
> integer which the API would use to create a buffer of the passed in
> size and fill that with random values. Not something we have to do
> right now, but would be easy to add later if we feel the need.
>
> [1] https://bugzilla.mozilla.org/show_bug.cgi?id=440046#c205
>
> / Jonas
More information about the whatwg
mailing list