[whatwg] Cryptographically strong random numbers

David Wagner daw at cs.berkeley.edu
Wed Feb 16 10:40:12 PST 2011


[re-sending to es-discuss]

Shabsi Walfish wrote:
> This depends on what you consider to be the basic use case. Generating
> long-lived cryptographic keys absolutely requires high quality entropy... if
> you are only generating short-lived authenticators (that are not used for
> encryption) then you could get away with weaker entropy. You will get the
> most mileage out of this feature if it can be used to generate encryption
> keys, or long-lived signing keys.

Personally, I think discussion about the "quality" of the PRNG is a
distraction.  The PRNG should produce crypto-quality random numbers.
Period.  That's all that need be said.  That's good enough.  It's good
enough for short-lived authenticators, good enough for encryption keys,
good enough for any signing key that's going to be used in JavaScript.
It's just plain good enough.

There's no need for an interface to request or query or specify the
quality or entropy of the random numbers.  Callers should be able to
rely upon it to be crypto-quality.  Browsers can deliver on that.

My advice is: Keep the API as simple as it possibly can be.  Don't get
distracted with twirly knobs and added complications.  A simple API will
be plenty to get the job done.  Stay on target.

