[whatwg] Cryptographically strong random numbers

Shabsi Walfish shabsi at google.com
Mon Feb 14 14:37:51 PST 2011


It'd be nice if there was at least a way to explicitly detect if you were
getting "weaker" entropy... In Linux, for example, there is a /proc
filesystem entry (/proc/sys/kernel/random/entropy_avail) that indicates how
much entropy is available in the pool.

Shabsi

On Mon, Feb 14, 2011 at 2:30 PM, Glenn Maynard <glenn at zewt.org> wrote:

> On Mon, Feb 14, 2011 at 5:08 PM, Adam Barth <w3c at adambarth.com> wrote:
>
>> On Mon, Feb 14, 2011 at 12:49 PM, Brendan Eich <brendan at mozilla.org>
>> wrote:
>> > On Feb 14, 2011, at 12:26 PM, Adam Barth wrote:
>> > > Ok.  I'll write up a spec later today.
>> >
>> > Thanks.
>>
>> Done: http://wiki.whatwg.org/wiki/Crypto
>>
>> Feedback appreciated.
>>
>
> > If insufficient cryptographically random values are available,
> getRandomValues does not alter array and throws a NOT_SUPPORTED_ERR
>
> I'm not sure if this means "if you're using /dev/random and it would block,
> throw", or "if the amount of entropy in the PRNG's entropy pool is low,
> throw", but they both seem hard to deal with from scripts.  There's no way
> to know when to try again, and most applications wanting secure PRNGs don't
> need this.  Even ssh-keygen seems to simply use /dev/urandom without
> worrying about it returning low-entropy randomness.
>
> I think it makes more sense to imply /dev/urandom's behavior: always return
> data, even if the entropy pool is low.  If there's a need for randomness
> with that stronger guarantee of entropy, that seems like it would want an
> asynchronous API in order to wait for entropy (akin to /dev/random).
>
> --
> Glenn Maynard
>
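
Added example, not part of the original messages: a sketch that combines the two positions in the thread by always returning data (the /dev/urandom behaviour) while reporting the kernel's entropy estimate from /proc/sys/kernel/random/entropy_avail, so a caller can detect a low estimate without an exception. The function names, the RandomResult type and the 128-bit threshold are assumptions made for this example.

```python
import os
from typing import NamedTuple, Optional

ENTROPY_AVAIL = "/proc/sys/kernel/random/entropy_avail"  # path quoted in the thread


class RandomResult(NamedTuple):
    data: bytes
    estimate_bits: Optional[int]  # None when the estimate cannot be read
    low: Optional[bool]           # None when unknown, else estimate < threshold


def entropy_estimate(path: str = ENTROPY_AVAIL) -> Optional[int]:
    """Return the kernel's entropy estimate in bits, or None if unavailable."""
    try:
        with open(path, "r", encoding="ascii") as f:
            text = f.read().strip()
    except (OSError, UnicodeDecodeError):
        return None  # not Linux, /proc not mounted, or access denied
    # The file holds one non-negative decimal integer; reject anything else.
    if not text.isdigit():
        return None
    return int(text)


def random_bytes_with_estimate(n: int, min_bits: int = 128,
                               path: str = ENTROPY_AVAIL) -> RandomResult:
    """Always return n random bytes, plus the estimate and a low-entropy flag.

    min_bits is a hypothetical threshold chosen for this example.
    """
    estimate = entropy_estimate(path)
    data = os.urandom(n)  # OS CSPRNG; the result is not gated on the estimate
    low = None if estimate is None else estimate < min_bits
    return RandomResult(data, estimate, low)


if __name__ == "__main__":
    r = random_bytes_with_estimate(16)
    print(r.data.hex(), r.estimate_bits, r.low)
```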