[whatwg] Cryptographically strong random numbers

Bill Frantz frantz at pwpconsult.com
Tue Feb 22 15:26:26 PST 2011


On 2/22/11 at 1:36 PM, brendan at mozilla.com (Brendan Eich) wrote:

>However, Math.random is a source of bugs as Amit Klein has 
>shown, and these can't all be fixed by using a better non-CS 
>PRNG underneath Math.random and still decimating to an IEEE 
>double in [0, 1]. The use-cases Klein explored need both a 
>CS-PRNG and more bits, IIRC. Security experts should correct 
>amateur-me if I'm mistaken.

I'll see if the security expert hat fits. :-)

The random() function in many languages has a useful property 
which is incompatible with security. By setting its seed, you 
can get deterministic execution of a Monte Carlo algorithm. 
IANAJSE, but I didn't see a way to set the seed of 
Math.random(), so the ECMAScript/JavaScript version lacks this 
useful property. But, having both a repeatable random function 
and a secure random function in a language is certainly reasonable.

Cheers - Bill

-----------------------------------------------------------------------
Bill Frantz        |The nice thing about standards| Periwinkle
(408)356-8506      |is there are so many to choose| 16345 Englewood Ave
www.pwpconsult.com |from.   - Andrew Tannenbaum   | Los Gatos, CA 95032
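
An added example, not part of the original message: the repeatable-versus-secure split described above, shown in JavaScript. A seedable generator (mulberry32, chosen for this sketch) replays a Monte Carlo run exactly, which is the same reason its output is predictable to anyone who learns the seed; the secure functions draw from `crypto.getRandomValues` instead. All function names are this example's own.

```javascript
// Added example. mulberry32 is a small seedable generator chosen for this
// sketch; every function name here is this example's own.
const webcrypto = globalThis.crypto ?? require("node:crypto").webcrypto;

// Repeatable: the seed fully determines every output, so it is NOT secure.
function mulberry32(seed) {
  let a = seed >>> 0;
  return function () {
    a = (a + 0x6d2b79f5) >>> 0;
    let t = a;
    t = Math.imul(t ^ (t >>> 15), t | 1);
    t ^= t + Math.imul(t ^ (t >>> 7), t | 61);
    return ((t ^ (t >>> 14)) >>> 0) / 4294967296; // double in [0, 1)
  };
}

// Monte Carlo estimate of pi; rerunning with the same seed replays the run.
function estimatePi(rand, samples) {
  let inside = 0;
  for (let i = 0; i < samples; i++) {
    const x = rand();
    const y = rand();
    if (x * x + y * y < 1) inside++;
  }
  return (4 * inside) / samples;
}

// Secure: bytes straight from the CSPRNG, never squeezed through one double.
function secureToken(byteLength) {
  const bytes = webcrypto.getRandomValues(new Uint8Array(byteLength));
  return Array.from(bytes, (b) => b.toString(16).padStart(2, "0")).join("");
}

// Secure uniform integer in [0, maxExclusive) using rejection sampling, which
// avoids the modulo bias of `value % maxExclusive` on raw 32-bit output.
function secureRandomInt(maxExclusive) {
  if (!Number.isInteger(maxExclusive) || maxExclusive < 1 || maxExclusive > 2 ** 32) {
    throw new RangeError("maxExclusive must be an integer in [1, 2^32]");
  }
  const limit = Math.floor(2 ** 32 / maxExclusive) * maxExclusive;
  const buf = new Uint32Array(1);
  do {
    webcrypto.getRandomValues(buf);
  } while (buf[0] >= limit);
  return buf[0] % maxExclusive;
}

console.log(estimatePi(mulberry32(2011), 20000), estimatePi(mulberry32(2011), 20000));
console.log(secureToken(16), secureRandomInt(6));
```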


