[whatwg] crypto.getRandomValues feedback

[Jonas Sicking]

Awesome, thanks!

/ Jonas

On Tue, Feb 21, 2012 at 5:18 AM, Adam Barth <w3c at adambarth.com> wrote:
> I've updated http://wiki.whatwg.org/wiki/Crypto to have
> getRandomValues return the array.
>
> Adam
>
>
> On Mon, Feb 20, 2012 at 2:51 PM, Jonas Sicking <jonas at sicking.cc> wrote:
>> Hi All,
>>
>> For reference, much of this feedback has been given in the Firefox
>> Bugzilla bug. See [1] and forward.
>>
>> Basically the in/out nature of the getRandomValues function looks very
>> bad to me. This is inconsistent with almost every other JS API which
>> uses return values rather than in/out arguments. The main exception
>> that I can find is Array.splice, but this appears to be so that it can
>> return the removed items.
>>
>> But the main thing that I dislike about in/out arguments over return
>> values is that it makes coding with them very cumbersome. This is a
>> common pattern in perl:
>>
>> $tempString = getSomeValue();
>> $tempString =~ s/expression/;
>> doStuff($tempString);
>>
>> This because the =~ operator doesn't return the result of the
>> search'n'replace expression which is generally the value that you want
>> to use. The same thing is the case with the getRandomValues API as it
>> currently exists. The web JS will have to look something like this:
>>
>> var tempBuffer = new UInt8Array(65536);
>> crypto.getRandomValues(tempBuffer);
>> doStuff(tempBuffer);
>>
>> This can be greatly improved if we make getRandomValues return the
>> buffer passed to it. That way the following code would work:
>>
>> doStuff(crypto.getRandomValues(new UInt8Array(65536)));
>>
>> This will also make it possible to nicely expand the API to take an
>> integer which the API would use to create a buffer of the passed in
>> size and fill that with random values. Not something we have to do
>> right now, but would be easy to add later if we feel the need.
>>
>> [1] https://bugzilla.mozilla.org/show_bug.cgi?id=440046#c205
>>
>> / Jonas