[whatwg] Cryptographically strong random numbers

Kyle Simpson getify at gmail.com
Tue Feb 22 15:36:52 PST 2011


> I didn't see a way to set the seed of Math.random(), so the 
> ECMAScript/Javascript version lacks this useful property.

Butting in, for a moment... I thought JavaScript seeded the PRNG with the 
timestamp by default? Perhaps I'm totally off base, but that's long been my 
assumption, and the reason why I never questioned not having a `seed()` 
function to set it, since the timestamp was fine for most non-crypto needs. 
I also recall that being one of the main complaints about Math.random for 
crypto needs.


> But, having both a repeatable random function and a secure random function 
> in a language is certainly reasonable.

If it's a choice between repeatable-random and actual random... I vote 
actual random with all my fingers and toes. Test harnesses can override 
Math.random() with fake repeatable sequences for that purpose. In the real 
world (non-testing), repeatable-random is far less desirable, at least I 
would think.

(butting back out)


--Kyle

 



More information about the es-discuss mailing list